Networking's  50  greatest  arguments  of  all  time 

From  old  ones,  such  asToken  Ring  vs.  Ethernet, 
to  never-ending  ones,  such  as  Macs  vs.  PCs. 
Read  up  and  weigh  in.  Page  18. 


Your  Take:  Collaboration 

I  Fostering  collaboration  takes  an  effective  mix  of  technology,  planning  and 
§f  process,  says  Procter  &  Gamble’s  Laurie  Heltsley  (left),  and  her  peers  at 
n'  Sfl  T.  Rowe  Price  and  Boeing.  Page  34. 


Credit  card  security 
rules  are  becoming  a 
contentious  issue  as 
debate  over  antici¬ 
pated  Payment  Card 
Industry  standards 
and  their  impact 
heats  up.  Page  12. 


Teleworking 
without  the 
isolation 


‘Storm’  roughs 
up  NAC 

The  Storm  worm  has 
shown  an  ability  to 
undermine  NAC  ser¬ 
vices,  experts  said  at 
Interop  last  week.  It’s 
also  showing  a  mean 
streak.  Page  14. 


Clear  Choice  Test: 

HP’s  BladeSystem 
c3000  Enclosure  pro¬ 
vides  a  "data  center 
in  a  box”  that’s  well 
suited  to  branch 
offices. 


The  WiMAX  way 

Cisco’s  buy  of 
WiMAX  vendor 
Navini  shows  the 
network  giant  sees 
broadband  wireless 
access  as  a  key 
technology.  Just 
don’t  expect  it  to 
blossom  overnight. 
Page  56. 


BY  BRAD  REED 

Jon  Pierce’s  teleworking  office 
can’t  get  much  more  casual. 

Operating  out  of  the  third  floor 
of  a  Cambridge,  Mass.,  triple¬ 
decker  apartment  building, 
Pierce  and  several  of  his  peers 
come  to  work  dressed  in  jeans 
and  spend  their  days  pecking 
away  diligently  at  their  key¬ 
boards.  They  play  music  sans 
headphones  to  help  pass  the 
time,  with  the  new  Radiohead 
album  garnering  significant 
airplay  in  recent  days.  For 
leisure,  on  a  nearby  chair  they’ve 
set  up  an  electric  guitar  that  can 
be  played  during  break  time. 

While  they  may  look  like  col¬ 
lege  roommates  studying  for  a 
final  exam,  they’re  actually  part 
of  a  growing  trend  in  telework¬ 
ing.  After  they  spent  years  tele¬ 
working  at  home  or  at  the  local 
coffee  shop,  Pierce  and  his  col¬ 
leagues  banded  together  with 
others  to  form  Beta  House 
(www.nwdocfinder.com/2225) 
for  Web  entrepreneurs.  Co-work¬ 
ing  communities,  which  com¬ 
bine  the  relaxed,  informal  at¬ 
mosphere  of  working  at  home 
with  the  sociability  and  cost¬ 
sharing  of  an  office,  have 
emerged  as  alternatives  for  tele¬ 
commuters  who  miss  having 
See  Co-working,  page  20 


Delays  and  XP  stability 
making  Vista  resistible 

Year  after  release,  most  say  gains  not  worth  pain 


BY  JOHN  FONTANA 

Adoption  of  Microsoft’s  Vista  isn’t  slipping 
because  of  technical  gotchas,  but  rather 
because  of  the  repeated  delays  that  have 
knocked  it  out  of  sync  with  corporate  up¬ 
grade  cycles.That  has  led  many  companies 
to  sit  tight  on  standardized  Windows  XP 
desktops,  according  to  users. 

Questions  have  been  swirling  about 
what’s  wrong  with  Vista,  which  shipped 
nearly  a  year  ago  and  has  seen  lukewarm 
reception  at  best  from  the  IT  community 
The  fact  is  that  many  companies  finally 
have  stabilized  users  and  applications  on 
XP  and  have  little  interest  in  launch-  ^ 


ing  into  the  testing  and  management  of  an 
operating  system  whose  compelling  fea¬ 
tures  are  a  handful  of  security  and  perfor¬ 
mance  boosts. 

What  began  as  a  revolutionary  reworking 
of  the  Windows  operating  system  was  com¬ 
paratively  a  whimper  when  it  arrived  three 
years  later  than  first  promised  and  with  fea¬ 
tures,  such  as  the  WinFS  file  system,  re¬ 
moved,  which  robbed  it  of  its  bravado. 

Vista’s  reviews  do  include  some  technical 
concerns,  but  complaints  concerning 
device-driver  availability,  application  com¬ 
patibility  and  user-account  control  features 
See  Microsoft,  page  16 


BRIAN  SMITH,  TECHNOLOGY  MANAGER  AT  MARKETING 
COMMUNICATIONS  AGENCY  GEM  GROUP,  DECIDED  TO 
BAG  FIBRE  CHANNEL  IN  FAVOR  OF  ISCSI. 


iSCSI  over  10G  Ethernet 
ultimately  will  dethrone  Fibre 
Channel,  experts  predict,  so  it's 


not  too  early  to  start  planning 
a  migration. 
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When  you  need  someone  to  go 
the  extra  mile.  Above  and  beyond. 

Far  and  wide  -  to  get  you 
the  IT  help  you  need,  we're  there. 


More  demands  and  more  pressure.  Less  time  and  fewer  resources.  Business  today 
is  full  of  challenges.  When  it  comes  to  technology  CDW  will  do  what  it  takes  to 
respond  to  your  needs.  We  have  products  from  the  top  names  in  the  industry,  in 
almost  every  technology  category  imaginable.  Our  dedicated  account  managers 
and  technology  specialists  can  offer  advice  and  create  solutions,  from  the  simple 
to  the  complex.  We  even  have  a  full  range  of  custom  configuration  services  at 
your  disposal.  So  when  you  need  IT  help,  think  CDW.  We're  there  with  whatever 
you  need,  whenever  you  need  it. 


CONDUCTING  ONLINE 
TRAINING  FOR  THOUSANDS 
OF  GLOBAL  EMPLOYEES 


; 


Your  enterprise  faces  more  competing  pressures  than  ever.  You  have 
to  deliver  applications  to  offices  worldwide  while  protecting  vital  data. 
Give  workers  more  flexibility,  yet  maintain  enterprise  control.  Drive  up 
performance  and  lower  costs.  Now  you  can  do  it  all— with  Blue  Coat 
Systems.  As  a  leading  provider  of  WAN  application  delivery  solutions, 
our  appliances  integrate  seamlessly  into  your  WAN  infrastructure  to  give 
you  the  control  you  need  and  the  application  performance  you  demand. 


See  why  93  of  the  Fortune  Global  100  enjoy  the  best  of  both  worlds 
today  at  www.bluecoat.com 


©2007  Blue  Coat  Systems,  Inc.  All  rights  reserved. 
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GOODBADUGLY 


Rockies  sell  out 

After  its  effort  to  sell  tickets  to  the 
three  potential  World  Series  games  at 
Coors  Field  last  Monday  resulted  in 
embarrassment  after  an  external  mali¬ 
cious  attack  overloaded  the  ticketing 
system,  the  Colorado  Rockies  baseball 
team  gave  it  another  goTuesday  and 
sold  out  all  the  games. 
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iSCSI  over  I0G  Ethernet 
ultimately  will  dethrone 
Fibre  Channel,  experts  pre¬ 
dict,  so  its  not  too  early  to 
start  planning  a  migration. 


Brian  Smith,  technology 
manager  at  marketing  com¬ 
munications  agency  Gem 
Group,  decided  to  bag  fibre 
channel  in  flavor  of  iSCSI. 
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14  Storm  worm  can  befuddle  NAC. 

18  Networking’s  50  top  arguments. 

24  Seven  network  start-ups  land  funding. 

26  Opinion  Andreas  Antonopolous: 

Divided,  we  fall. 

28  Opinion  Kevin  Tolly:  Soft  hardware: 
the  joy  of  virtual  appliances. 

46  Clear  Choice  Test:  HP's  shorty’  pro¬ 
vides  new  angle  on  blade  server  market. 

56  WiMAX  has  a  long  way  to  go. 

ENTERPRISE  COMPUTING 

34  Your  Take:  T.  Rowe  Price  goes  2.0. 

38  Your  Take  Presence  comes  to  P&G. 

42  Your  Take:  Building  virtual  worlds  at 
Boeing. 

APPLICATION  SERVICES 

12  Payment-cards  standards  debated. 

22  Oracle  and  BE  A:  What  happen? 

58  Opinion  BackSpin:  Look  out!  It’s 
FrankenSCO! 

SERVICE  PROVIDERS 

26  Opinion  Scott  Bradner:  Internet  on 
the  road:  good  where  inexpensive. 
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33% 

100-999  employees  32% 
Total  voters  for  this  poll:  588 
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The  problem  with  SOA 

Nearly  nine  out  of  10  large  enterprises 
have  insufficient  governance  over  ser¬ 
vice-oriented  architecture  deployments, 
a  new  survey  has  found.  Most  SOA  ser¬ 
vices  go  into  production  without  gover¬ 
nance,  even  though  IT  executives  realize 
this  puts  them  at  significant  risk, 
according  to  the  survey  involving  1,300 
members  of  the  SOA  Forum. 


Ballmer  disses  Google 
Microsoft  CEO  Steve  Ballmer  said  last 
week,  in  a  swipe  at  rival  Google,  that  his 
company  has  no  plans  to  bid  on  wire¬ 
less  spectrum  in  January,  because 
being  a  wireless  carrier  goes  beyond  its 
core  competency.  "Contrary  to  our 
competition,  at  the  end  of  the  day  we 
think  we  have  a  core  competence,  and 
we  think  the  telecom  service  provider 
industry  has  a  core  competence,” 
Ballmer  said  at  CTI A  Wireless  I.T.  & 
Entertainment  2007  convention  in  San 
Francisco. 
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A  snapshot  of  how  networkworld.com 
visitors  voted  on  a  key  networking  issue 
last  week: 


COOL 


28  Opinion  Johna  Till  Johnson: 

Social  networks  and  the  wisdom  of  crowds. 


58  Opinion  ’Net  Buzz:  Unlimited  gall  to 
cost  Verizon. 


TECH  UPDATE 


30  The  evolution  of  antivirus  software. 


31  Mark  Gibbs:  Analyzing  Deferred 
Procedure  Calls. 


31  Keith  Shaw:  Digital  photo  frames 
go  wireless. 
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10  Catch  up  on  the  latest  online  stories, 
blogs,  newsletters  and  video. 


Who’s  hiring  in  2007  (by  size  of 
company) 


■  The  pictures  in 
the  Momento  100 
can  be  swapped 
out  wirelessly. 
See  Cool  Tools, 
page  31. 


PEERSAY 


Getting  tough  with  spammers 

Re:  Fooling  spammers  (www.nwdocfinder 
.com/2239): 

1  know  many  say  we  should  not  reply  to 
spam  and  it  should  simply  be  marked  and 
deleted.  However,  I’ve  taken  to  replying  to  a  lot 
of  the  spam  I  get  lately  Most  of  the  spam  I  get  is 
419  or  other  scams. 

Telling  the  offender 
that  the  FBI  will 
receive  their  fraudu¬ 
lent  e-mails  and  will 
be  investigating  them 
can  put  a  damper  on 
their  sending  if  they 
read  incoming  e- 
mails.  I  used  to  get 
hundreds  of  spam 
e-mails  daily  Over  the 
last  week  I’ve  gotten  less  than  40  TOTAL. 
Threatening  the  offenders  seems  to  work. 

Mike  Arienti 

Discuss  at  www.nwdocfinder.com/2240 

Why  we’re  sticking  with  XP 


VLANs  should  never  be  relied  on  as  a  pri¬ 
mary  protection  control  or  considered  a  secu¬ 
rity  mechanism.  And  VLAN  hopping  has  been 
around  for  a  long  time. 

I  won’t  go  into  the  details  of  the  hotel  con¬ 
figuration  that  allowed  this, but  I  will  say  it  was 
done  manually  two  years  ago,  during  a  cus¬ 
tomer-authorized  penetration  test.  Since  that 

time,  I  have  seen 
many  other  customer 
VoIP  environments 
that  allow  the  same 
issue. 

I  wrote  VoIP 
Hopper  in  order  to 
allow  VoIP  adminis¬ 
trators  and  network 
engineers  to  quickly 
test  and  automate 
the  task,  and  improve 
the  security  of  their  VoIP  environments. 

I’m  an  independent  security  guy  and  was 
offering  my  opinion  at  ToorCon.  I  like  both 
Cisco  and  Avaya,  and  work  for  neither  com¬ 
pany  Please  don’t  shoot  the  messenger. 

Jason  Ostrom 

Discuss  at  www.nwdocfinder.com/2243 
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used  to  get  hundreds  of 
spam  e-mails  daily  Over  the  last 
week  I’ve  gotten  less  than  40 
TOTAL. Threatening  the 
offenders  seems  to  work.55 


Re:  What’s  holding  Vista  back?  (www.nwdoc 
finder.com/2241): 

We  will  not  be  adopting  Vista  until  it  no 
longer  requires  Activation  and  is  no  longer  a 
performance  hog.  My  faculty  complains  bit¬ 
terly  of  the  home  systems  they  have  pur¬ 
chased  being  essentially  pigs.  The  same  goes 
for  Office  2007.They  much  prefer  the  XP-based 
systems  we  provide,  which  are  typically  a  year 
or  more  older  than  their  home  systems!  Vista  is 
a  boondoggle  Microsoft  must  fix,  if  they  want 
to  keep  us  using  their  kit. 

Charles  Soto 

Discuss  at  www.nwdocfinder.com/2242 


Hacking  a  hotel  network 


Re:  Hackers  gain  access  to  private  hotel  net¬ 
work  using  Cisco  VoIP  (www.nwdocfinder 
.com/2243): 

►  SPECIAL  NETWORK  WORLD  FEATURE 


SCAN  THIS  CODE 
with  your  cell 
phone  to  get  the 
latest  IT  network 
news  delivered  to 
your  cellular 
device. 
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IB  B 


To  get  the  client  "  " 

software,  use  your  phone  browser  to 

visit  wap.connexto.com 


For  more  information  on  code  scanning 
see  wwAv.nww.com/codescan 


Cracking  down  on  porn 

Re:  California  state  site  can’t  shake  porn 
problems  (www.nwdocfinder.com/2244): 

The  state’s  ISP  should  be  talking  with  the  fed¬ 
eral  government  agency  DISA.  This  agency 
uses  the  highest  security  networking  gear  on 
the  market.  Deep  packet  inspection  is  the  key 

Steve  Wilson 

Discuss  at  www.nwdocfinder.com/2245 

Slow  rate  of  IPv6  adoption 

Re:  Eat  your  own  (IPv6)  dogfood  (www.nw 
docfinder.com/2246): 

In  the  last  few  years,  working  in  both  a  major 
Aussie  bank  (ANZ)  and  AUS  branch  of  a  multi¬ 
national  (BP),  I  have  never  ever  heard  IP6 
mentioned  once.There  is  simply  no  incentive 
for  enterprise  to  migrate  to  IP6,  and  when  it 
comes  to  businesses,  they  are  never  going  to 
go  with  a  new  standard  for  anything  other 
than  benefit  to  their  own  bottom  line. 

With  service  providers,  that  is  an  entirely  dif¬ 
ferent  game,  but  with  enterprise?  They’ll  shift 
when  their  providers  force  them  to  shift. 
Simple  as  that. 

Heck  even  last  year’s  CCNA  syllabus  does 
not  cover  ANYTHING  on  IP6.  I  don’t  know 
whether  that’s  symptomatic  or  something  to 
be  worried  about! 


Johann  Lo 

Discuss  at  www.nwdocfinder.com/2246 

E-mail  letters  to  jdix@nww.com  or  send  them 
to  John  Dix,  editor  in  chief,  Network  World ,  118 
Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for 
verification. 
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AM  SUN 


solid  state  reliability 

Introducing  the  new  Samsung  Flash  Solid  State  Drive  (SSD). 

No  moving  parts,  except  some  hardworking  electrons.  A  mean  time 
between  failures  (MTBF)  six  times  longer  than  a  hard  drive.  Virtually 
unlimited  shock  resistance.  And  power  use  that  extends  battery  life 
up  to  20%.  With  a  Samsung  SSD  inside  your  notebook,  your  data  is 
always  there  when  you  need  it. 

www.samsungssd.com 


Samsung  Solid  State  Drive 

A  new-generation  Flash  drive  available 
in  notebooks  from  leading  OEMs. 


endurance  (MTBF1)  >  over  2  million  hours 


read  speed 

>  100MB  /  sec 

write  speed 

>  80MB  /  Sec 

active  power  consumption 

<  0.5W 

system  boot  speed2 

<  24  sec 

operating  temperature 

L 

-25C  ~  85C 

_ .J 

shock  resistance  >1500G/ 0.5ms 


'Mean  Time  between  Failure 

?HP  NX9420,  XP  Pro,  Core  Duo  Processor  2.0Ghz,  512MB  RAM,  ICH  7,  i945  Chipset 
©  2007  Samsung.  All  rights  reserved. 
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1 BLOGOSPHERE 


■  What  hackers  know  about  SQL  Server 
Management  Studio  traffic.  New  Micro¬ 
soft  Subnet  blogger  Chris  Amaris  is  a  secu¬ 
rity  and  network/systems  management 
expert.  He  writes:  “It  is  an  often-overlooked 
fact  that  the  SQL  Server  Management 
Studio  is  a  potential  source  of  exploits  itself. 
Given  the  level  of  communications  with  data, 
code  and  passwords,  a  hacker  can  discover  a 
ton  of  information  from  the  traffic  generated 
by  the  SQL  Server  Management  Studio  tool. 
This  is  the  case  when  the  tool  is  loaded  on  a 
client  computer,  rather  than  the  server  itself. 
Fortunately,  the  communications  from  the 
SQL  Server  Management  Studio  on  a  client 
to  the  SQL  Server  2005  server  can  easily  be 
encrypted.  The  steps  to  do  this  are:  On  the 
Object  Explorer  toolbar,  click  Connect. 
Select  a  service,  such  as  the  Database 
Engine.  Select  a  server.  Click  on  the  Options 
button.  Check  the  Encrypt  Connection  box. 
Click  Connect.” 

www.nwdocfinder.com/2232 

■  Stop  hounding  employees  over  wire¬ 
less  personal  calls.  In  his  Compendium 
blog,  Adam  Gaffin  writes:  “Bill  Hughes  is  on 
a  crusade  to  get  penny-pinching  businesses 
to  stop  quibbling  and  pay  the  full  cost  of 
employees'  wireless  phone  service.  Network 
World's  Robert  Mullins  reports  from  the 
CTIA  wireless  convention  in  San  Francisco 
that  Hughes,  principal  wireless  industry 
analyst  at  In-Stat,  says  companies  are  being 
‘penny-wise  and  pound  foolish'  by  requiring 
employees  to  subtract  the  personal  calls 
they  make  each  month  before  seeking  reim¬ 
bursement  for  their  wireless  bills.  Given  the 
time  it  takes  an  employee  to  perform  the 
task  rather  than  the  job  they  were  hired  to 
do,  the  monthly  savings  to  the  company 
averages  out  ‘to  about  13  paper  clips,’  he 
says."  www.nwdocfinder.com/2233 

■  New  faces,  new  ideas.  Cisco  Subnet 
blogger  Jeff  Doyle  writes:  "I’m  attending 
RIPE  55  in  Amsterdam  this  week.  While  I've 
regularly  attended  NANOG  and  APRICOT 
over  the  years,  this  is  my  first  RIPE  meeting. 
And  while  I  always  look  forward  to  NANOG 
and  APRICOT  as  a  time  to  catch  up  with  old 
friends,  I  find  myself  standing  off  by  myself  in 
the  hallways  here,  sipping  coffee  and  scan¬ 
ning  the  crowds  for  familiar  faces. ...  So  I’m 
looking  forward  to  meeting  some  new  people, 
perhaps  making  a  few  new  friends,  and  of 
course  drumming  up  some  consulting  busi¬ 
ness.  But  more  importantly,  because  RIPE  is 
focused  on  address  policy  and  management 
rather  than  network  operations,  I’m  looking 
forward  to  getting  some  different  perspec¬ 
tives.”  www.nwdocfinder.com/2234 


INTERVIEWS,  THE  COOLEST  TOOLS  AND  MORE 


PANORAMA  PODCAST: 


TWISTED  PAIR  PODCAST: 


Wireless  pictures 
worth  1,001  words 

l-Mate's  Momento  digi¬ 
tal  picture  frames  can 
grab  photos  from  USB 
drives,  SD  cards  and 
through  the  Internet  via 
a  wireless  network  con¬ 
nection.  Keith  Shaw 
gives  the  digital  picture 
frame  a  close  look. 

www.nwdocfinder.com/2236 


Reai-life  scary 
security  stories 

Want  some  Halloween 
scares?  Listen  to  tales 
of  the  school  district 
where  compromised 
computers  were  giving 
up  data  for  months  and 
the  CSO  who  thought 
his  password  was 
secure  by  leaving  it  on  a 
Post-It  Note  under  his 
keyboard. 

www.nwdocfinder.com/2237 


ISPs  want  to  rule 
the  world 

Jason  Meserve  and 
Shaw  gab  about 
Comcast’s  broadband 
meddling,  the 
Facebook/Microsoft  love 
affair  and  whether  the 
Internet  can  be  a  good 
substitute  for  a  signifi¬ 
cant  other. 

www.nwdocfinder.com/2238 
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Readers  respond:  IT  talent 
crunch  -  myth  or  reality? 


Network/systems  management:  A 

recent  article  I  wrote  for  Network  World  dis¬ 
cussed  how  IT  managers  consider  attracting, 
developing  and  retaining  IT  employees  their 
No.  1  concern. The  article  got  a  few  people 
talking  in  our  online  community  One  reader 
says:“I  just  filled  an  IT  position  vacated  by  a 
retiring  baby-boomer.  I’m  not  fully  qualified 
for  it,  but  my  boss  recognized  my  ability  to 
learn  and  hired  me  anyway  There’s  a  lot  of 
OJT  involved,  but  I’m  able  to  successfully  per¬ 
form  some  of  my  duties  and  am  learning  the 
rest  on  the  fly.  I  would  suggest  that  employers 
looking  for  good  IT  help  recognize  there’s  a 
Plan  B:  hire  someone  who  doesn’t  have  all  of 
the  skills  the  job  requires  and  through  train¬ 
ing  and  a  little  hand-holding  help  them 
become  the  IT  worker  they  need.” 
www.nwdocflnder.com/2221 

Wide  area  networking:  In  a  recent  paper 
posted  at  Webtorials,  Cisco  advocated  the 
integration  of  WAN-optimization  features 
into  the  router. This  brings  into  focus  once 
again  the  perennial  question  of  exactly  how 


many  features  should  be  incorporated  into 
a  single  piece  of  equipment.  In  fact,  long¬ 
time  readers  of  this  column  will  remember 
that  about  10  years  ago  we  were  discussing 
whether  the  DSU/CSU  should  be  integrated 
with  the  router.  Consequently,  we’re  starting 
a  point-counterpoint  discussion  about 
whether  WAN  optimization  is  best  accom¬ 
plished  within  the  router  or  by  using  a  sepa¬ 
rate  appliance. To  start  the  discussion  this 
week,  Mark  Weiner,  director  of  product  mar¬ 
keting,  Cisco  application  networking  ser¬ 
vices,  addresses  the  positive  side  of  making 
this  move.  Mark  comments: “As  WAN  opti¬ 
mization  is  quickly  becoming  a  mainstream 
technology  for  the  enterprise,  it  is  important 
to  analyze  and  understand  optimal  deploy¬ 
ment  scenarios.  While  offering  the  deploy¬ 
ment  flexibility  of  both  appliance-based 
and  router-integrated  solutions,  Cisco 
believes  there  are  economic,  security  and 
VoIP  benefits  to  integrating  WAN-  optimiza¬ 
tion  technology  within  the  router  -  both 
logically  and  physically” 
www.nwdocfinder.com/2221 
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.INFRASTRUCTURE  LOG 

_DAY  75:  These  cables  are  everywhere!!  Connecting 
underutilized  servers  to  more  underutilized  servers. 

Our  energy  usage  is  out  of  control!! 

_DAY  77:  I  found  a  way  out  of  this  mess:  the  super¬ 
efficient  IBM  BladeCenterf  It  helps  us  manage  power 
and  cooling  usage  with  intelligent  Cool  Blue™ 
technology.  And  with  its  new  Quad-core  Intel®  Xeon® 
processor,  we  won’t  have  to  sacrifice  performance  for 
efficiency.  So  out  with  cables,  in  with  blades. 

_DAY  79:  Gil’s  stuck  under  the  ball.  Tried  calling  his  wife. 
Turns  out  the  photo  of  his  family  came  with  the  frame. 


IBM.COM/OUTWITHCABLES 


IBM.  the  IBM  logo.  Cool  Blue  and  BladeCenter  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries. 
Intel.  Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and/or  other  countries.  Other 
company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2007  IBM  Corporation.  All  rights  reserved. 
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Vonage  settles 
patent  dispute 


Cisco  certifications  and  you 


Vonage  has  reached  a  settlement  with  Verizon 
to  resolve  a  patent-infringement  suit  first  filed 
in  June  2006.  According  to  Vonage,  the  settle¬ 
ment  could  be  worth  as  much  as  $120  mil¬ 
lion  if  the  company  does  not  win  an  appeals 
court  rehearing  for  two  of  Verizon’s  patents.  If 
Vonage  does  win  a  rehearing  on  the  two 
patents,  both  of  which  enhance  name  transla¬ 
tion  servers,  then  the  company  will  pay  $80 
million  to  settle  the  case.“This  settlement 
removes  the  uncertainty  of  legal  reviews  and 
long-term  court  action  and  allows  us  to  con¬ 
tinue  focusing  on  our  core  business  and  cus¬ 
tomers,”  said  Sharon  O’Leary  Vonage  chief 
legal  officer. The  settlement  comes  just  two 
weeks  after  Vonage  agreed  to  pay  $80  million 
to  Sprint  Nextel  to  settle  a  similar  patent  suit. 
www.nwdocfinder.com/2252 

A  buyer  for  SCO?  Embattled  SCO  Group  is 
offering  the  bankruptcy  court  a  deal  that 
could  be  hard  to  refuse. The  company  has 
received  an  offer  of  $36  million  from  JGD 
Management  for  its  business  and  intellectual 
property  JGD  Management,  a  current  debtor 
of  SCO,  is  an  investing  arm  of  York  Capital 
Management,  which  owned  more  than  91,000 
shares  of  SCO  stock  from  March  2005  to 
September  2006.The  amount  includes  a  cash 
payment  of  $10  million,  $10  million  to  fund 
continuing  litigation  with  Novell  and  IBM,  $10 
million  or  as  much  as  a  20%  interest  if  there  is 
a  favorable  legal  ruling  and  $6  million  for 
SCO’s  OEM  agreement  with  Me,  a  mobile 
applications  vendor. The  $36  million  offer  is 
subject  to  approval  from  the  bankruptcy  court 
by  Nov  9.  www.nwdocfinder.com/2253 

IBM  boosts  storage  with  acquisition. 

IBM  bolstered  its  line  of  storage  products  and 
services  by  acquiring  NovusCG.a  provider  of 
consulting  as  well  as  software  for  storage 
analysis  and  reporting.  IBM  has  collaborated 
with  Novus  on  services  engagements  since 
2003.  Buying  the  company  outright  could  give 
IBM  a  boost  in  its  competition  with  storage 
powerhouse  EMC.“Novus’  assets  and  method¬ 
ologies  provide  a  standardized,  repeatable 
approach  for  assessing  and  optimizing  stor¬ 
age  in  multivendor  environments,”  IBM  said  in 
a  statement.“Its  storage  analysis  and  reporting 
software,  tools  and  asset-based  delivery 
model  will  enhance  IBM’s  ability  to  produce 
services  engagement  results  in  reduced  time.” 
Novus’  software  includes  Storage  Enterprise 
Resource  Planner,  which  provides  a  view  of 
storage  use  at  the  business  level,  to  identify 
unnecessary  duplication  of  storage  and 
enable  accurate  chargeback  and  capacity 
planning,  www.nwdocfinder.com/2254 


With  the  Nov.  6  deadline  looming, 

Cisco  author  and  certification  expert 
Wendell  Odom  answered  readers’ 
questions  about  training  and  certifications.  For  a  full  transcript, 
visit  www.networkworld.com/chat/ '.  Join  us  for  upcoming 
chats:  IP  routing  gum  Jeff  Doyle,  Nov.  7;  LAN  switch  security 
expert  Christopher  Paggen,  Nov.  13. 

Ansh:  I  am  preparing  for  the  CCNA  640-082  exam  and  am  pursuing 
my  master's  in  telecom  technology,  graduating  in  December 
2008.  In  addition  to  the  GGNA  certification,  which  other  Cisco  cer¬ 
tifications  will  help  me  in  landing  a  stable  network  engineer  job? 

Ansh,  I  think  with  a  master’s,  I’d  focus  on  adding  to  my  resume  any¬ 
thing  that  looks  like  (or  actually  is)  hands-on  experience  with  the  gear, 
instead  of  more  certs.  If  that’s  just  not  available,  then  I  think  that  a 
CCNP  (if  you  like  working  with  routers/switches),  CCVP  (if  you  like 
voice)  or  CCSP  (if  you  like  security)  would  be  a  great  next  step.  But 
with  an  advanced  networking-specific  degree,  I’d  rather  see  you  spend  time  helping  out 
in  a  Cisco  lab  on  campus. 

Smp:  Hello,  Wendell.  Since  the  early  '90s,  I  have  been  involved  with  Cisco  and 
technologies  such  as  routers.  I  am  a  strong  believer  in  hands-on  training.  Where 
would  one  be  able  to  do  that  at  a  relatively  small  price? 

SMPwell,  I  could  answer  until  you  said  “small  price.” ;-)  If  you  want  hands-on,  and  you 
don’t  care  so  much  about  the  topics,  several  companies  rent  CCIE-level  lab  pods  for 
almost  nothing  —  then  they  make  their  money  with  $300  to  $500  lab  booklets.  If  you’re 
looking  for  a  playpen  of  gear  for  cheep,  Google  “CC1E  lab  pods,”  and  that’ll  find  some.  I 
think  a  few  of  the  e-learning-focused  Cisco  learning  partners  have  remote  lab  pods  with 
exercises.  Finally  from  your  Cisco  login,  look  for  the  customer  E-learning  connection  — 
they  often  times  have  free  (!!!)  lab  exercises  on  real  gear. 

BartKnight:  Should  I  go  for  CCNP  or  CGIP  after  my  GCNA?  Which  is  the  hottest  cer¬ 
tification  today? 

Bart,  hands  down  CCNP  between  those  two.  However,  if  you’re  looking  for  hot  as  in  get  a 
job,  CCVP  and  CCSP  are  probably  hotter,  IMHO. 

HarryB:  Wendell,  I  have  my  CCNP,  if  GGVP  and  CCSP  are  the  hot  certs,  where  do 
you  classify  CCDP  today? 

HarryB  —  great  question.  I  think  that  CCDP  has  always  been  kind  of  a  red-headed 
stepchild  kind  of  cert.  As  for  getting  jobs,  I  think  it  gives  an  edge  to  getting  a  presales 
job.  It  just  doesn’t  have  any  buzz.  However,  I’m  thinking  it  might  have  a  resurgence  once 
Cisco  gets  their  new  CCIE-level  design  cert  established  —  maybe  CCDA  will  be  a  pre- 
req.Who  knows?  I  find  the  underlying  skills  very  important,  but  the  cert  just  doesn’t  siz¬ 
zle  for  some  reason.  ■ 


•  Top  15  networkiest  horror  films:  www.nwdocfinder.com/2255 

•  2007  network  industry  graveyard:  www.nwdocfinder.com/2257 

•  Network  World’s  Haunted  Data  Center:  www.nwdocfinder.com/2259 
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For  you,  it’s  about  protecting  critical  systems 
without  getting  a  PhD  in  engineering. 


For  us,  it’s  about  making  sure  you  don’t  need  one. 


Power  and  cooling  have  become  critical  to  effective  IT  management.  But  do 
you  really  need  to  know  how  to  convert  kilowatts  to  BTUs,  or  understand 
how  resonant  converter  technology  increases  UPS  efficiency? 


With  a  network  of  local  representatives  that  average  more  than  20  years 
of  experience,  Emerson  Network  Power  and  its  Liebert  power  and  cooling 
technologies  make  it  easy  to  create  a  flexible  IT  infrastructure  that  delivers 
high  availability  and  low  cost  of  ownership.  Download  our  white  paper, 
Five  Technologies  Simplifying  Infrastructure  Management,  and  discover  how 
Liebert  technologies  can  make  your  job  easier,  at  experts.liebert.com. 
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Liebert  expertise 


just  another  reason  why  Emerson  Network  Power  is  the  global  leader 
in  enabling  Business-Critical  Continuity.™ 


EMERS 


Network  Pi 


Emerson.  Business-Critical  Continuity  and  Liebert  are  trademarks  of  Emerson  Electric  Co.  or  one  of  its  affiliated  companies.  <02007  Emerson  Electric  Co. 
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NEWS  ANALYSIS 


Payment-card  standards  debated 


BY  ELLEN  MESSMER 

Payment-card  security  rules  that  keep  cus¬ 
tomer  credit  and  debit  card  information  from 
falling  into  the  wrong  hands  are  becoming  a 
contentious  issue  as  debate  over  anticipated 
Payment  Card  Industry  standards  and  their 
impact  heats  up. 

In  addition  to  the  dozen  rules  for 
network  security  that  comprise 
todays  PCI  Data  Security  Standard 
1.1,  the  PCI  Security  Standards 
Council  —  which  represents  Visa, 
MasterCard,  American  Express  and 
Discover  —  anticipates  expanding 
requirements  next  year  that  could 
relate  to  wireless  use  and  Web- 
application  security. 

The  council’s  general  manager 
Bob  Russo  last  week  said  the  orga¬ 
nization  is  devising  new  standards 
for  how  to  design  and  evaluate  any 
Web-facing  business  applications 
for  credit-card  processing,  as  well  as 
security  rules  for  wireless. 

A  final  decision  is  still  pending,  Russo  said, 
because  there’s  growing  resistance  to  new 
requirements  for  payment-card  holders, 
many  of  whom  haven’t  achieved  official 
compliance  yet  with  existing  PCI  standards. 
He  noted  the  council  doesn’t  enforce  PCI 
compliance,  which  is  the  job  of  the  card  asso¬ 
ciations  with  the  banks. 

The  big  concern  now  is  that  card-processing 
applications  can  be  hacked,  and  “we’re  look¬ 
ing  into  the  best  way  to  handle  the  applica¬ 
tion  security’  Russo  said,  adding  he  antici¬ 
pates  a  decision  on  this  in  about  a  month.  A 
decision  to  go  forward  may  mean  applica¬ 
tions  used  to  process  credit  cards  would  have 
to  be  evaluated  and  approved  by  a  listed  of 
certified  evaluators. 

One  change  to  the  PCI  security  rules  that’s 
certain  is  the  release  before  year-end  of  a  new 
self-assessment  questionnaire  for  PCI  that  mer¬ 
chants  handling  payment-card  data  will  be 
expected  to  fill  out  when  requested  by  their 
banks  as  part  of  the  PCI  compliance  process. 

“Today  it’s  a  one-size-fits-all,but  going  forward 
we’ll  have  four  different  versions  based  on  the 
merchant’s  business,”  Russo  said. “For  instance, 
if  they’re  small  and  just  doing  dial-up, there’s  no 
need  for  them  to  answer  200  questions;  we’ll 
just  have  30  or  40  questions.” 

The  PCI  council  also  intends  to  establish  new 
PIN  Entry  Device  (PED)  requirements  for 
equipment  in  an  effort  to  combine  the  various 
equipment-security  programs  that  today  are 
administered  separately  by  card  associations 
MasterCard,  Visa  and  JCB.  Russo  said  by  year- 
end,  the  council’s  Web  site  probably  will  detail 
a  list  of  approved  PED  equipment. 

There’s  been  some  “grumbling”  and  “push- 
back”  among  merchants  aware  of  some  of  the 


proposed  changes,  Russo  acknowledges. 
Although  specifics  aren’t  published  yet,  the 
idea  of  mandating  new  payment-card  applica¬ 
tion-security  design  and  testing  guidelines 
makes  some  IT  managers  anxious  about  how  it 
could  impact  their  operations. 

“I’m  hoping  what  they  come  up  with  is  addi¬ 
tive,  not  a  complete  shift,”  said 
Claude  Gigoux,  manager  of  networks 
and  telecommunications  at  Princess 
Cruises,  which  achieved  PCI  compli¬ 
ance  in  July  through  an  audit  of  its 
offices  and  its  cruise  ships,  whose 
wireless-based  networks  and  appli¬ 
cations  handle  payment-card  infor¬ 
mation.  “You’re  going  to  get  a  rebel¬ 
lion  if  they  say  you  have  to  use  this 
methodology  or  other” 

In  general,  PCI  DSS  1.1  has  been 
beneficial,  Gigoux  says,  because  it’s 
specific  about  security  guidelines, 
such  as  not  transmitting  credit-card 
information  over  a  public  network  in 
the  clear,  without  encrypting  it. 

“Visa  and  its  processors  don’t  always  comply 
with  this,”  Gigoux  asserted.“Now  and  then,  we’ll 
get  an  e-mail  directly  from  Visa  out  of  the  blue 
on  the  Internet,  telling  us,  here’s  the  card  num¬ 
ber  and  we  have  a  problem  with  it.” 

Visa  declined  to  comment  on  the  matter 
directly  although  in  an  announcement  last 
week  it  said  65%  of  the  largest  U.S.  merchants 
(those  it  calls  Level  I  merchants,  processing  6 
million  or  more  Visa  transactions)  have  vali¬ 
dated  compliance  with  the  PCI  DSS  1.1,  an 
increase  from  36%  in  December  2006.  For  the 
rest,  Visa  says  it  has  begun  levying  fines  of 
$25,000  per  month.Visa  also  said  validation  for 
the  PCI  security  standard  among  midsize  mer¬ 
chants  has  reached  43%  as  of  Sept.  30,  an 
increase  from  15%  last  December. This  Level  II 
group  is  expected  by  Visa  to  validate  its  com¬ 
pliance  by  Dec.  31.  Together  these  merchants 
constitute  two-thirds  of  Visa’s  transaction  vol¬ 
umes,  the  company  said. 

Meanwhile,  because  the  PCI  standard  calls 
for  use  of  intrusion-detection  systems  and  fire¬ 
walls,  Princess  Cruises  has  found  that  central¬ 
izing  log  data  using  a  security-information 
manager  —  in  this  case,  ArcSight’s  Event 
Manager  —  has  helped  in  making  changes 
pertinent  to  PCI  and  providing  information 
relevant  to  PCI  auditors. 

PCI  security  also  is  of  keen  interest  to  Verizon 
Business,  which  last  week  announced  its  man¬ 
aged-hosting  data  centers  in  San  Jose  and 
Beltsville,  Md.,  achieved  PCI  compliance  after 
an  audit  by  Trustwave,  a  qualified  security 
assessor  (QSA)  under  the  PCI  program. 

“It  took  us  a  year  to  get  through  the  process,” 
says  Laura  Elliott,  manager  of  IT  solutions  prod¬ 
uct  marketing  at  Verizon  Business. “The  reason 
we  pursued  this  is  because  we  have  a  large 


number  of  customers  in  the  retail  space.  We 
didn’t  have  to  do  this  because  we’re  not  han¬ 
dling  the  card  data,  but  we  know  that  in  order 
for  the  retailers  to  have  PCI  compliance,  they 
may  have  to  check  off  whether  their  service 
provider  does.” 

Verizon  has  a  multifaceted  view  on  PCI 
because  one  of  its  divisions, Cybertrust,  is  a  PCI 
approved  scanning  vendor  and  a  PCI  QSA 
conducting  security  audits  on  merchants’  net¬ 
works  when  merchants  request  this  service  to 
meet  demands  from  their  banks  or  face  possi¬ 
ble  fines  and  other  punishment. 

“One  reason  PCI  is  so  demanding  is  because 
it  calls  for  documented  policies  and  how 
they’re  getting  carried  out,”  says  Barbara 
Mitchell,  Verizon  manager  of  security  product 
marketing.  Some  of  the  anticipated  changes 
coming  from  the  PCI  Security  Standards 
Council,  such  as  the  application  security  pro¬ 
posal,  are  getting  “pushback  from  the  retail 
industry  she  says.  ■ 


InBrief 


Verizon  to  shell  out  $1  million 

Verizon  has  agreed  to  pay  $1  million  to  set¬ 
tle  an  investigation  of  the  company's  alleged 
deceptive  marketing  practices  conducted  by 
the  New  York  Attorney  General's  office.  At 
the  heart  of  the  investigation  were  Verizon's 
advertisements  that  promised  consumers 
"unlimited”  broadband  for  its 
NationalAccess  and  BroadbandAccess  ser¬ 
vices.  New  York  Attorney  General  Andrew 
Cuomo  noted  that  the  terms  of  service  for 
Verizon's  “unlimited”  services  barred  users 
from  performing  such  high-bandwidth  activ¬ 
ities  as  downloading  movies  or  playing  video 
games  online.  When  users  were  deemed  to 
be  "excessively  using”  their  services,  the 
attorney  general  said,  they  were  cut  off  from 
service  and  unable  to  obtain  refunds. 

High-tech  wages  climbing 

New  research  shows  that  technology  pro¬ 
fessionals  earned  about  5%  more  in  wages 
during  the  third  quarter  of  this  year  than 
they  did  during  the  same  period  in  2006.  Data 
from  talent  and  outsourcing  services  com¬ 
pany  Yoh  shows  that  wages  for  computer 
scientists,  engineers  and  other  technology 
professionals  increased  6%  in  July,  grew 
4.64%  in  August  and  improved  5.79%  in 
September,  compared  with  the  same  months 
in  2006.  Yoh  also  reports  that  technology 
wages  “consistently  outpaced  national 
trends"  in  2005  and  2006. 


The  PCI  Secu¬ 
rity  Standards 
Council’s  Bob 
Russo 
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Storm  worm  can  befuddle  NAG 

Interop  attendees  hear  of  new  threats,  countermeasures  . . .  and  retaliation 


BY  TIM  GREENE  AND  JIM  DUFFY 

NEW  YORK  —  A  newly  discovered  capability 
of  the  Storm  worm  could  invalidate  results 
churned  out  by  NAC  products,  attendees  at 
Interop  New  York  learned  last  week. 

This  new  trick  is  Storms  ability  to  interrupt 
applications  as  they  boot  up  and  either  shut 
them  down  or  allow  them  to  appear  to  boot, 
but  disable  them,  says  Josh  Corman,  host  pro¬ 
tection  architect  for  IBM/ISS. 

Users  will  see  that,  for  example,  antivirus  is 
turned  on,  but  actually  it  isn’t  scanning  for 
viruses, or  as  Corman  puts  it,  it  is  brain-dead.“lt’s 
running,  but  it’s  not  doing  anything.  You  can 
brain-dead  anything,”  he  says. 

NAC  vendors  acknowledged  at  the  show  that 
this  capability  could  thwart  the  endpoint 
checking  that  their  products  perform.  NAC 
scans  devices  before  they  gain  admission  to 
networks,  looking  for  properly  patched  operat¬ 
ing  systems,  personal  firewalls,  and  antivirus 
software  that  is  updated  and  turned  on. 

The  software  seems  turned  on  but  is  doing 
nothing  that  would  invalidate  the  scan,  repre¬ 
sentatives  of  NAC  vendors  ConSentry  Juniper 
and  McAfee  say.“This  is  an  example  of  why  pre¬ 
admission  NAC  is  not  enough,”  says  Michelle 
McLean,  director  of  marketing  for  Consentry 

Analyzing  what  devices  attempt  to  do  once 
they  are  on  the  network  —  postadmission  NAC 
—  is  necessary  as  a  backstop  to  preadmission 
tests,  says  Vimal  Solonki,  senior  director  of 
product  marketing  for  McAfee. 

Storm  also  exemplifies  the  sophistication  of 
new  malware  that  retaliates  against  research¬ 
ers  studying  it  with  the  goal  of  stamping  it  out, 
Corman  revealed  at  the  show. 

The  worm  can  figure  out  which  users  are  try¬ 
ing  to  probe  its  command-and-cnntrol  servers, 
and  it  retaliates  by  launching  DDoS  attacks 
against  them,  shutting  down  their  Internet 
access  for  days,  he  says. 

“As  you  try  to  investigate  [Storm] ,  it  knows, 
and  it  punishes,”  he  says.“It  fights  back.” 

As  a  result, researchers  who  have  managed  to 
glean  facts  about  the  worm  are  reluctant  to 
publish  their  findings.“They’re  afraid.  I’ve  never 
seen  this  before,”  Corman  says.“They  find  these 
things  but  never  say  anything  about  them.” 

The  sheer  variety  of  attacks  is  soaring,  accord¬ 
ing  to  a  study  released  at  the  show. 

“The  motivation  has  shifted  from  prestige  to 
profit  to  political,”  Corman  says.  That  means 
that  rather  than  writing  code  for  massive  dis¬ 
abling  of  systems  and  reveling  in  twisted  glory 
the  writers  of  malicious  code  are  writing  for 
profit  or  to  commit  cyberterrorism. 

Just  as  motivation  is  shifting,  the  quality  of  the 
attacks  is  improving,  he  says.  They  target  indi¬ 
viduals  with  the  goal  of  stealing  intellectual 
property  or  valuable  personal  data. 


Storm  fools  NAC 

Here’s  what  NAC  vendors  say  to 
do  about  the  problem: 

•  Use  postadmission  NAC  products  that 
can  detect  infected  machines  based 
on  their  behavior  relative  to  the  policies 
set  for  them. 

•  When  they're  available,  use  NAC 
preadmission  products  that  rely  on 
security  chips  placed  in  the  computers 
that  would  detect  that  something  is 
amiss. 

•  Supplement  NAC  with  other  security 
software,  such  as  antirootkit  products. 

•  Rachet  down  access  rights  as  tightly 
as  possible  to  limit  the  damage  infected 
machines  might  do. 


One  security  executive  at  the  show  who 
could  not  speak  for  attribution,  because  his 
company  does  not  allow  it,  said  he  has 
encountered  attacks  tailored  for  individual 
executives  within  his  corporation. 

Ryan  Sherstobitoff,  product  technology  offi¬ 
cer  for  security  vendor  Panda  Software,  says 
makers  of  malware  no  longer  write  it  and  toss  it 
into  the  wild,  but  test  it  to  find  out  if  it  is  effec¬ 
tive  against  likely  corporate  defenses.  These 
criminals  perform  quality  assurance  and  even 
offer  the  equivalent  of  service-level  agreements 
on  how  effective  their  wares  will  be,  he  says. 

Meanwhile,  showgoers  were  told  they  need 
new  architectures  to  protect  corporate  net¬ 
works  against  changing  threats  while  opening 
those  networks  to  anytime,  anywhere  access. 

Architectures  optimized  for  distributed  appli¬ 
cations  in  2005  evolved  into  those  focused  on 
security  and  IT  consolidation  in  2006,  says 
Chris  Silva,  an  analyst  at  Forrester  Research. 
This  year’s  wave  will  be  LAN  infrastructures 
designed  to  accommodate  disaster  recovery 
and  further  consolidation. 

Enterprises  want  their  networks  to  function  as 
a  utility  and  wireless  coverage  will  drive  in¬ 
frastructure  deployments,Silvasays.He  believes 
IEEE  802.1  In  wireless  LANs  and  WiMAX  will 
become  pervasive  in  the  201 1-13  time  frame. 

HP  ProCurve  believes  the  next-generation 
LAN  architecture  will  be  a  50-50  mix  of  wired 
and  wireless  infrastructures, consistent  with  the 
Adaptive  Edge  vision  the  company  put  forth  in 
2003.  That  plan  involves  putting  more  network 
intelligence,  such  as  802.  IX  authentication  as 
well  as  Layer  2  and  Layer  3  QoS  and  NAC  secu¬ 
rity  services,  in  enterprise  wiring  closets.  All 


processing  is  distributed,  and  all  intelligent 
devices  are  able  to  execute  services  and  initi¬ 
ate  resource  access  control. 

“Those  are  the  foundational  elements  of  how 
these  issues  would  be  addressed,”  said  John 
McHugh,  vice  president  and  general  manager 
of  HP  ProCurve.  He  said  the  next-generation 
LAN  should  not  be  based  on  a  constraining 
proprietary  architecture  with  features  that  are 
“bolted  on”  instead  of  integrated  into  the  fabric. 

“This  is  very  difficult  with  an  overlay  struc¬ 
ture,”  he  said.  And  it  should  be  done  in  a  way 
that  is  open  —  a  hosting  environment  for  best- 
of-breed”  products. 

Along  with  ubiquity,  users  will  demand  secu¬ 
rity  and  integration  with  wired  and  voice  infra¬ 
structures.  That’s  fine  with  wireless  companies, 
such  as  Trapeze  Networks,  and  secure-switch- 
ing  vendors,  such  as  ConSentiy 

Components  of  the  “new”  LAN  include  mobil¬ 
ity  security  and  identity-based  networking  — 
the  ability  to  configure  users’  access  and  ser¬ 
vices  as  opposed  to  what  switch  and  router 
ports  they  can  use,  says  David  Cohen,  Trapeze 
director  of  marketing. 

The  LAN  architecture  will  encompass  a 
hybrid  of  distributed  forwarding  and  central¬ 
ized  forwarding  based  on  the  application:  dis¬ 
tributed  for  latency-sensitive  traffic,  such  as 
voice  over  WLAN  and  “.lln  ready”  applica¬ 
tions;  and  centralized  for  security-sensitive  traf¬ 
fic,  such  as  guest  access,  Cohen  says. 

Switches  will  support  “virtual  stacking” 
Cohen  says,  in  which  capacity  is  pooled  and 
automatically  assigned,  remapped  and  bal¬ 
anced  across  access  point  when  they  are 
added  to  or  subtracted  from  the  network. 

This  is  not  unlike  the  challenges  facing  enter¬ 
prises  in  branch-office  networking.  More  than 
90%  of  employees  work  in  a  branch  or  remote 
office.Yet  the  branch  is  made  up  of  a  disparate 
set  of  technologies,  capabilities  and  function¬ 
alities  that  increase  the  cost  of  doing  business 
and  the  inconsistency  of  the  customer  experi¬ 
ence,  says  Steve  Hardy  Avaya  director  of  con¬ 
verged  communications  product  marketing. 

“The  branch  is  a  much  more  strategic  part  of 
the  business  plan,”  Hardy  says,  adding  that  it’s 
morphed  from  a  cost  center  to  a  profit  center. 

Considerations  enterprises  must  deal  with 
include  whether  applications  need  to  be  cen¬ 
tralized  or  distributed  to  branch  locations,  he 
says.  Integrated  security  is  “critical,”  as  is  an 
“open,  standard  converged  infrastructure.” 

But  therein  lie  some  opposing  goals,  Hardy 
says:  maximizing  application  reach  while  min¬ 
imizing  TCO.That’s  why  enterprises  will  increas¬ 
ingly  adopt  hybrid  models  where  some  appli¬ 
cations  are  hosted  at  the  headquarters  site;  oth¬ 
ers  in  the  branch;  and  others  with  the  compa¬ 
ny’s  telecom  carriers.  ■ 


14  •  OCTOBER  29,  2007  •www.networkworld.com 


Go  online  and  get  your  FREE  efficiency  rating  today! 

Or  fill  out  this  card  for  the  following  White  Papers: 

□  White  Paper  #114  "Implementing  Energy  Efficient  Data  Centers" 

□  White  Paper  #63  "AC  vs  DC  Power  Distribution  for  Data  Centers" 

□  White  Paper  #11 3  "Electrical  Efficiency  Modeling  for  Data  Centers" 


DATA  CENTER 


□  YES! 


Name: 


Please  send  me  my  FREE  white  papers.  □NO  ,  I'm  not  interested  at  this  time,  but  please  add  me  to  your  mailing  list. 
   Title:  


Company: 

Address: 

Address  2: 

City/Town: 

State: 

Zip: 

Country: 

Phone: 

Fax: 

e-mail: 

I  I  Yes  /  Send  me  more  information  via  e-mail  and  sign  me  up  for  APC  PowerNews  e-mail  newsletter.  [KeV  Code:  y507x 


What  type  of  availability  solution  do  you  need? 

□  UPS:  0-1 6KVA  (Single-phase)  □  UPS:  10-80kVA  (3-phase  AC)  □  UPS:80+  kVA(3-phase  AC)  QDC  Power 

□  Network  Enclosures  and  Racks  □  Precision  Air  Conditioning  □  Monitoring  and  Management 

□  Cables/Wires  □  Mobile  Protection  □  Surge  Protection  QUPS  Upgrade  □Don'tknow 
Purchase  timeframe?  Q<1  Month  Ql^  Months  □]  3-1 2  Months  Q1  Yr.  Plus 

You  are  (check  1):  □  Elome/Home  Office  ^Business  (<1000  employees)  □  Large  Corp.  (>1000  employees) 

□  Gov't,  Education,  Public  Org.  QAPC  Sellers  &  Partners 


©2007  APC.  All  rights  reserved.  All  trademarks  are  the  property  of  their  respective  owners.  EE2A7EB_EN  •  e-mail:  esupport@apc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA 


NO  POSTAGE 
NECESSARY 
IF  MAILED 
IN  THE 

UNITED  STATES 


BUSINESS  REPLY  MAIL 

FIRST-CLASS  MAIL  PERMIT  NO.  36  WEST  KINGSTON  Rl 
POSTAGE  WILL  BE  PAID  BY  ADDRESSEE 

APC 

ATTENTION  CRC:  y507x 
132  FAIRGROUNDS  ROAD 
PO  BOX  278 

WEST  KINGSTON  Rl  02892-9920 


III . 1 . 1 1 1 1 1 . 1 1 1 1 1 . 1 1 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 


Introducing  the  revolutionary  enterprise  architecture 
that  finally  pays  you  back. 

Legacy  systems  work  fine  for  brute-force  cooling  the  entire  room,  but  skyrocketing 
energy  costs  make  them  fiscally  irresponsible  and  their  fundamentally  oversized 
design  makes  them  incapable  of  meeting  today's  high-density  challenges. 

Even  worse,  power  and  cooling  waste  may  actually  prevent  you  from  purchasing 
much-needed  new  IT  equipment.  Simple  problem,  simple  solution.  Cut  your  power 
and  cooling  costs  and  use  the  savings  to  buy  the  IT  equipment  you  need. 

According  to  Gartner  Research,  50%  of  all  data  centers  built  before  2002  will 
be  obsolete  by  2008  because  of  insufficient  power  and  cooling  capabilities. 

Power  and/or  cooling  issues  are  now  the  single  largest  problem  facing  data 
center  managers. 


The  Efficient  Enterprise “  makes  cooling 
operational  expenses  by... 


There's  only  so  much  power  and  money  to  go  around 

Your  service  panel  limits  the  amount  of  power  available.  Your  budget  limits  the 
amount  of  money.  You  have  to  stretch  every  bit  of  both  as  far  as  you  can. 

What  you  need  is  the  APC  Efficient  Enterprise™ 

The  APC  solution  offers  modular  scalability  so  that  you  pay  only  for  what  you 
use;  capacity  management  so  that  you  know  where  to  put  your  next  server;  and 
dedicated  in-row  and  heat-containment  systems  that  improve  cooling  and  thermal 
predictability.  An  Efficient  Enterprise  earns  you  money  through  the  pre-planned 
elimination  of  waste.  For  example,  simply  by  switching  from  room-  to  row-oriented 
cooling,  you  will  save,  on  average,  35%  of  your  electrical  costs. 

Our  system  reimburses  you 

Whether  you're  building  a  new  data  center  or  analyzing  the  efficiency  of  existing 
systems,  your  first  step  is  knowing  where  you  stand. Take  the  online  Enterprise 
Efficiency  Audit  to  see  how  you  can  reap  the  benefits  of  a  smart,  integrated, 
efficient  system:  more  power,  more  control,  more  profits. 


(7)  Employing  close-coupled  cooling.  Our  innovative 
Inflow "  architecture  allows  more  efficient,  targeted 
cooling  by  shortening  the  distance  between  heat  generation 
and  heat  removal. 

Q)  Containing  the  heat.  Our  Hot  Aisle  Containment  System 
reduces  hot  spots  by  preventing  hot  exhaust  air  from  mixing 
with  cool  air  in  the  room. 

(5)  Managing  capacity.  Intelligent,  integrated  capacity 
management  software  gives  you  real-time  data  on  your 
power  and  cooling  demands. 

0  Utilizing  right-sized  components.  Sight- sized  "pay  as 
you  grow"  components  mean  no  more  wasting  power  with 
oversized  legacy  systems. 


Legendary  Reliability® 


How  efficient  is  your  enterprise  system?  See  exactly  where  you  stand 
— take  our  online  Enterprise  Efficiency  Audit  today! 
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Plans  for  Vista 

Vista  has  been  available  for  nearly  a  year  and  achieved  only  a  2%  penetration 
into  corporate  computing  environments.The  bulk  of  users  on  Windows  2000 
and  XP,  however,  are  still  assessing  their  plans. 

What  year  do  you  plan  to  start  deploying  Windows  Vista? 

Windows  2000  users*  Windows  XP  users** 

No  plans  at  2007:4%  No  plans  at  2007:7% 

this  stage:  this  stage: 

44%  38% 


Don't  know:  18% 


2009: 

8% 

2010  or 
beyond:  6% 


Don’t  know:  14%  2010  or  beyond:  6% 


*  (50  respondents  in  North  America  and  Europe) 

**  (510  respondents  in  North  America  and  Europe) 

SOURCE:  FORRESTER  RESEARCH 


Microsoft 

continued  from  page  1 

have  not  been  outside  the  scope  of  the  techni¬ 
cal  issues  raised  about  previous  Microsoft 
operating-system  releases,  experts  say 

Perhaps  the  one  true  failure  of  Vista  is  that 
Microsoft  again  was  unsuccessful  in  stamping 
out  the  perception  that  a  new  Windows  oper¬ 
ating  system  isn’t  worthy  until  the  first  service 
pack.  Vista  Service  Pack  1  won’t  ship  until 
early  2008. 

A  forthcoming  study  by  Forrester  Research 
shows  that  52%  of  respondents  have  no  plans 
to  roll  out  Vista  or  don’t  know  when  they  might 
do  it. The  study  shows  1 1%  don’t  plan  to  start  a 
rollout  until  2009,  and  another  6%  are  waiting 
until  2010. 

The  study  also  shows  that  88%  of  companies 
with  5,000  to  20,000  users  have  standardized 
on  XP  In  fact,  demand  for  XP  is  still  so  strong 
that  users  last  month  forced  Microsoft  to  ex¬ 
tend  XP’s  availability  another  five  months. 

Repeated  delays  in  the  delivery  of  Vista, 
which  came  five  years  after  XP  first  shipped  in 
late  2001,  moved  the  operating  system’s  release 
to  a  point  where  many  users  had  begun  or 
completed  hardware-refresh  cycles. 

“When  we  look  at  all  the  activity  in  the 
bumper-crop  year  of  PC  purchases  in  2005  and 
2006,  we  see  that  a  lot  of  companies  have  gone 
through  upgrade  cycles,  so  the  likelihood  of 
them  turning  around  and  saying, ‘I  am  going  to 
deploy  new  PCs  with  a  new  operating  system 
for  everybody  in  the  company’  would  be  rela¬ 
tively  low?  says  lan  Lao, senior  analyst  at  market- 
analysis  firm  In-Stat. 

Lao  says  such  issues  as  testing  and  training 
make  companies  conservative  and  intent  on 
staying  with  XP“The  average  man  on  the 
street  is  happy  with  XP”  he  says. 

Users  are  stepping  up  to  Vista,  but  only  after 
carefully  reviewing  user  and  network  needs 
and  the  needs  of  their  applications.  “The 
approach  that  Bechtel  is  taking  is  pragmatic,” 
says  Fred  Wettling,  manager  of  IT  standards  and 
strategies  for  the  San  Francisco  engineering 
and  construction  company  “We  have  gone 
through  forklift  upgrades  before  with  Windows 
95  and  2000,  and  it  was  a  royal  pain.  Our 
approach  on  Windows  2000  and  XP  is  the 
same  one  we  will  use  with  Vista,  and  that  is  to 
make  it  part  of  the  normal  evolution.”That  will 
happen  early  in  2008,  when  Bechtel  begins 
buying  Vista  PCs. 

The  timing,  however,  isn’t  arbitrary  Bechtel 
began  last  January  and  spent  four  months 
putting  a  standard  desktop  configuration 
together  before  it  began  a  pilot.  In  parallel, 
Bechtel  was  testing  its  500  applications  using 
the  Microsoft  Application  Compatibility  Toolkit. 
“Our  applications  compatibility  has  gone  pretty 
well, ’’Wettling  says. 

One  bump  in  the  road  has  been  BitLocker, 
the  disk-encryption  technology  in  Vista,  which 
lacks  centralized  management  controls  that 
Bechtel  requires.  The  company  is  rolling  out 
BitLocker,  however,  because  the  encryption 


technology  it  uses  is  not  ready  for  Vista. 
Another  feature  generating  interest  is  Vista’s 
Meeting  Space,  which  makes  it  possible  to  cre¬ 
ate  ad  hoc  networks  via  peer-to-peer  features 
enabled  by  Vista’s  support  of  IPv6.  “Stuff  like 
that  is  useful  to  Bechtel;  when  we  start  a  new 
job  site,  we  don’t  have  a  network  to  support  it,” 
Wettling  says.  Bechtel  forecasts  it  will  be  a 
three-year  process  to  upgrade  the  company’s 
18,000  desktops  around  the  world. 

For  some,  other  projects  influenced  the  deci¬ 
sion  about  Vista. 

The  city  of  Indianapolis  just  completed  a  mi¬ 
gration  from  Novell  GroupWise  to  Microsoft’s 
Outlook.  It  is  consolidating  servers  on  its  VM- 
ware  platform,  and  it  plans  to  deploy  Office 
2007  and  ShareFbint  Server  in  2008. 

Vista  will  become  part  of  that  rollout,  accord¬ 
ing  to  Shital  Patel,  CIO  for  the  city  who  plans  to 
dovetail  it  with  the  normal  refresh  cycle  of  PCs. 
She  says  the  city  is  working  through  applica¬ 
tion-compatibility  issues  and  will  confront 
hardware  problems,  given  its  standard  desktop 
configurations  today 

But  technical  problems  with  Vista  aren’t  near 
the  top  of  the  issues  list.  “For  the  most  part, 
these  are  similar  to  issues  we  have  had  in  the 
past,”  Patel  says. 

Part  of  the  Vista  planning  is  logistics:  The  city 
has  2,000  mobile  laptops  it  needs  to  get  back 
into  the  office  to  complete  upgrades.  The  city 
must  coordinate  with  54  departments  and 
74,000  users. “The  biggest  issue  is  change  man¬ 
agement,  moving  away  from  familiarity  users 
have  with  software,”  Patel  says. 


Several  studies  are  bearing  out  that  users  are 
taking  a  calculated  approach  to  Vista.  In  the 
Forrester  report,  42%  of  Vista  deployments  for 
the  565  IT  managers  interviewed  will  start  be¬ 
tween  2008  and  20 10,  with  17%  of  those  taking 
place  in  2009  and  2010. 

Forrester  Analyst  Benjamin  Gray,  who  con¬ 
ducted  the  survey  says  the  most  telling  num¬ 
bers  were  when  data  was  compared  year  over 
year.  An  earlier  version  of  the  survey  published 
in  May  2006  found  large  companies  had  ag¬ 
gressive  Vista  plans,  with  34%  planning  on  start¬ 
ing  deployments  in  2007. 

“When  we  refreshed  the  study  in  the  third 
quarter  of  2007,  that  number  had  dropped  pre¬ 
cipitously  down  to  7%  for  deployment  starts  in 
2007.  Vista  was  still  on  their  road  map,  but  the 
questions  are  ‘when’  and  ‘how?’  Gray  says. 
Besides  application  compatibility  and  hard¬ 
ware  issues,  a  third  factor  in  the  technology 
equation  is  Service  Pack  l,hesays.“Experience 
was  telling  companies  they  should  not  even  be 
considering  deploying  a  new  operating  system 
before  SPl,”he  says. 

It’s  a  reputation  Microsoft  has  been  trying  to 
live  down  for  years.  With  Vista,  the  company  has 
released  piecemeal  updates  to  improve  secu¬ 
rity  and  performance  and  reduce  start-up 
times.  Microsoft  also  has  released  two  reliabil¬ 
ity  and  compatibility  packs.  The  company  is 
recommending  that  only  those  who  need  the 
upgrades  install  them  and  that  others  wait  until 
Service  Rack  1.  All  the  advance  updates  will 
make  it  into  the  service  pack,  which  is  now  in 
beta  with  private  testers.* 
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Networking’s  50  top  arguments 
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Perhaps  the  only  thing  more  fun  than  work¬ 
ing  on  and  playing  with  network  technolo¬ 
gies  is  arguing  about  them.  Some  arguments, 
such  as  Token-Ring  vs.  Ethernet  and  Windows 
vs.  OS/2,  are  history,  while  others,  such  as 
Macs  vs.  PCs,  may  never  end.  Here’s  a  sam¬ 
pling  of  our  collection  of  the  nastiest,  most 
colorful  and  in  some  cases,  still  very  much 
undecided,  arguments  in  the  network  indus¬ 
try  (read  the  entire  package  at  www.nwdoc 
finder.com/2249). 

Windows  vs.  OS/2 

Dr.  Phil  might  tell  you  that  no  one  wins  an 
argument,  but  spare  us  the  hugs  and  psychol¬ 
ogy  IBM  no  longer  ships  (R.I.P2005)  or  sup¬ 
ports  (R.I.P  2006)  OS/2,  which  is  now  sold 
under  the  name  eComStation  by  Serenity 
Systems.  Try  getting  that  factory-installed  on  a 
Dell  laptop. 

The  history  of  Windows  is  a  bit  richer  (in 
many  ways)  and  proves  the  good  doctor 
wrong. 

Of  course,  the  irony  here  is  that  IBM  and 
Microsoft  teamed  in  1985  to  develop  OS/2.Two 
years  later  they  had  a  product.  Three  years 
after  that,  Microsoft  had  Windows  3.0  shipping 
on  many  PCs  and  was  on  its  way  toward  NT 
while  OS/2  was  gathering  dust  on  computer 
superstore  shelves  as  a  stand-alone  product 
that  lacked  a  full  complement  of  device  dri¬ 
vers.  The  IBM/Microsoft  relationship  contin¬ 
ued  to  sour,  and  by  the  time  the  last  version  of 
OS/2  —  the  Warp  4  version  —  shipped  in  1996, 
IBM  was  on  its  own.Today  OS/2,  with  the  dubi¬ 
ous  distinction  of  being  the  first  operating  sys¬ 
tem  to  have  a  fan  club,  can  be  found  in  small 
pockets  of  the  computer  landscape, such  as  in 
bank  automated  teller  machines  and  the 
French  national  railway’s  ticket  machines. 

Windows?  We  won’t  bother  rebooting  that 
story  here. 

CDMA  vs.  GSM 

The  real  problem  with  the  cellular  industry 
is  all  the  blasted  acronyms.  Basically,  you’ve 
got  different  ways  of  making  a  cellular  voice 
or  data  call,  with  vendors  lined  up  behind 
both. AT&T, and  its  Cingular  acquisition, and  T- 
Mobile  are  the  major  GSM  carriers  in  the 
United  States.  Sprint  (which  merged  with 
Nextel),  Verizon  and  Virgin  Mobile  are  the 
chief  CDMA  carriers.  In  the  new  millennium, 
their  chief  competitive  tactic  has  been  cut¬ 
ting  prices. 

But  that’s  changing.  Both  groups  are  speed¬ 
ing  up  their  deployment  of  much  faster  3G  ver¬ 
sions  of  their  cellular  radios.  For  CDMA,  that’s 
various  “revisions”  of  EV-DO  (Evolution-Data 
Optimized),  currently  Revision  A.  For  GSM,  it’s 
UMTS  (Universal  Mobile  Telephone  Standard) 
coupled  with  HSDPA  (High  Speed  Downlink 


Packet  Access).  The  peak  speeds  claimed  by 
the  carriers  show  considerable  overlap.  The 
point  is:  They’re  way  faster,  and  people  want 
faster. 

“From  the  evidence  we’ve  seen  and  the 
research  we’ve  done,  there  is  absolutely  a  pent- 
up  demand  for  3G  from  enterprises,”  says  Mike 
O’Malley,  director  of  external  marketing  for 
Tellabs,  speaking  to  Network  World  earlier  this 
year.The  company  sells  mobile  wireless  equip¬ 
ment  to  carriers.  “That’s  because  it  offers  Wi-Fi 
speeds  or  better,  but  unlimited  roaming. 
Fteople  don’t  want  to  walk  from  Starbucks  to 
Starbucks  for  connectivity’ 

But  the  higher  speeds  also  make  possible 
new  digital  data  services,  both  information 
and  entertainment,  based  on  a  wide  range  of 
media  types,  including  pictures,  music, TV  and 
streaming  video.  These  media  and  the  spread 
of  wireless  push  e-mail  is  giving  cell  phone 
users  a  taste  for  what  this  new  “always-on”  data 
network  can  do. 

This  is  one  argument  that’s  far  from  over. 

IPv4  vs.  IPv6 

The  argument  about  how  best  to  upgrade 
the  Internet’s  main  communications  protocol 
raged  in  the  Internet  Engineering  Task  Force  in 
the  early  1990s.  By  then,  experts  realized  that 
the  Internet  would  eventually  run  out  of 
address  space  with  the  original  version  of  the 
Internet  Protocol,  known  as  IPv4. 

The  issue  of  what  direction  to  take  with  the 
next-generation  of  IP  came  to  a  head  at  a  1994 
IETF  meeting  in  Toronto.  Ultimately,  the  IETF 
decided  to  replace  the  32-bit  addressing 
scheme  in  IPv4  with  a  128-bit  addressing 
scheme  in  IPv6.  The  standards  body  tried  to 
create  other  reasons  to  upgrade  to  IPv6, 
including  built-in  security  with  IPsec  and  easi¬ 
er  management  through  autoconfiguration  of 
devices. 

Nearly  a  decade  after  IPv6  was  completed, 
the  network  industry  has  yet  to  embrace  the 
new  protocol. That’s  because  a  forklift  upgrade 
to  IPv6  is  too  expensive  and  time-consuming 
for  a  carrier  or  enterprise,  with  little  measur¬ 
able  return.  Instead,  the  network  industry 
expects  a  gradual  transition  to  IPv6,  which  will 
probably  run  side  by  side  with  IPv4  for  many 
years  to  come. 

Now  it  appears  that  IPv6  finally  is  winning 
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this  argument.  The  American  Registry  for  In¬ 
ternet  Numbers  recommended  in  May  that 
the  Internet  community  start  migrating  to  IPv6. 

In  fact,  some  industry  experts  predict  that 
there  are  only  about  1,200  days  left  until  the 
Internet  runs  out  of  IPv4  addresses.  Leading 
the  charge  to  IPv6  is  the  U.S.  government, 
which  has  required  that  all  agencies  support 
the  new  protocol  in  their  backbone  networks 
by  June  2008. 

Software-as-a-service  vs.  packaged  apps 

There’s  no  doubt  software-as-a-service  is  rev¬ 
olutionizing  the  business  applications  market. 
While  most  people  say  the  death  of  packaged 
software  has  been  greatly  exaggerated,  that 
won’t  stop  a  few  software-as-a-service  propo¬ 
nents  from  claiming  the  battle  has  been  won. 

“Software  is  dead.  Dead,  dead,  dead,  dead,” 
Jonathan  Bush,  chairman  and  CEO  of  athena- 
health  in  Massachusetts,  claimed  a  few 
months  ago  during  a  panel  discussion  on  soft¬ 
ware-as-a-service. 

Athenahealth  provides  Web-based  services 
to  doctors’  offices,  and  like  other  software-as- 
a-service  vendors,  will  tell  you  its  product  is 
superior  to  traditional  applications  because 
of  its  ease  of  use,  frequent  upgrades  and 
monthly  payment  plans,  which  are  supposed 
to  force  vendors  to  provide  better  customer 
service. 

In  Bush’s  view,  the  Web  equivalent  of  old- 
school  software  would  be  Yahoo  charging 
$2,000  a  seat  for  the  ability  to  look  up  direc¬ 
tions,  rather  than  offering  a  free  online  map¬ 
ping  tool,  as  it  does  today 

“There’s  an  acknowledgment  that  software 
in  and  of  itself  isn’t  differentiating  a  thing,” 
Bush  said.  “You’ve  got  to  give  software,  and 
then  you  have  to  sell  work.” 

But  it’s  not  hard  to  find  software-as-a-service 
proponents  who  acknowledge  this  new  trend 
isn’t  likely  to  spell  the  doom  of  packaged 
applications. 

It’s  more  likely  that  software-as-a-service  and 
packaged  applications  ultimately  will  coexist 
and  complement  one  another,  both  within 
vendors’  product  lines  and  within  enterprises, 
says  Jeffrey  Kaplan,  who  runs  consulting  firm 
Thinkstrategies. 

Still, coexistence  isn’t  exactly  the  same  as 
peace  and  harmony,  Kaplan  acknowledges. 
There’s  plenty  of  room  for  sniping  between  the 
two  camps. 

“The  legacy  application  folks  tend  to  believe 
their  applications  are  more  robust,  more  full- 
featured,  more  mature,  more  powerful,”  Kaplan 
says,  “whereas  they  consider  software-as-a-ser¬ 
vice  to  be  a  skinnied-down  version  of  the 
application  for  amateurs.” 

Carolyn  Duffy  Marsan,  John  Fontana,  John 
Cox,  John  Brodkin  contributed  to  this  package. 
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Co-working 

continued  from  page  1 

person-to-person  interaction  during  work. 

“Over  the  past  year  or  two,  these  co-working 
spaces  have  been  sprouting  up  around  the 
country  in  recognition  of  individual  entrepre¬ 
neurs  who  have  taken  to  working  out  of  coffee 
shops  but  who  still  desire  the  kind  of  human 
interaction  that  they  can’t  really  get  there,” says 
Pierce,  a  software  developer  who  co-founded 
Beta  House  in  February  to  serve  as  a  working 
space  for  independent  Web  developers,  prod¬ 
uct  managers  and  start-up  owners.The  project, 
say  Beta  House  members,  has  been  a  rousing 
success  so  far. 

“Personally  I’m  very  happy  to  have  a  four- 
burner  gas  stove,  a  grill  on  the  back  porch  and 
a  fridge  full  of  beer  at  work,”  says  Brian 
DelVecchio,  a  software  developer  work¬ 
ing  at  Beta  House.“These  are  things  that  I 
find  make  a  much  more  comfortable 
place  to  work.  It’s  easy  for  me  to  focus 
here  and  get  deep  into  things,  instead  of 
working  in  a  cubicle.” 

The  draw  of  co-working 

Nationwide  there  are  roughly  16.2  mil¬ 
lion  self-employed  teleworkers  and  12.4 
million  teleworkers  employed  by  an  out¬ 
side  party  A  2007  CDW  survey  of  more 
than  2,000  workers  showed  that  79%  of 
workers  employed  in  the  private  sector 
and  half  of  workers  employed  in  the 
public  sector  worried  about  feeling  iso¬ 
lated  and  missing  human  interaction  if 
they  were  to  start  telecommuting. 
Roughly  a  third  of  both  private  and  pub¬ 
lic-sector  workers  also  reported  that  they 
didn’t  want  to  stay  at  home  during  work. 

It  is  in  this  context,  advocates  say  that 
co-working  provides  a  valuable  service.  For 
although  working  in  your  underwear  may 
seem  appealing  at  first  glance,  many  telework¬ 
ers  say  they  quickly  began  to  feel  isolated  and 
they  missed  having  colleagues  nearby  to 
bounce  ideas  off  of. 

“For  the  past  10  to  15  years,  we’ve  lived  in  an 
age  where  you  can  work  in  socks  and  under¬ 
wear,  but  that  doesn’t  prevent  you  from  going 
insane,” says  Charles  Planck,  CEO  of  Articulated 
Impact,  the  founding  parent  company  of  the 
Washington,  D.C.-based  Affinity  Lab  (www.nw 
docfinder.com/2226)  co-working  space.  “You 
find  that  if  you’re  at  home  too  much,  you  lose 
your  edge  in  dealing  with  people.” 

Most  co-working  spaces  are  designed  less 
like  offices  and  more  like  lounges  or  coffee 
shops.  While  private  desks  are  available  to  pay¬ 
ing  customers,  many  co-working  spaces  have 
significant  common  areas  dedicated  to 
encouraging  interaction.  Citizen  Space  in  San 
Francisco  (www.nwdocfinder.com/2224),  for 
instance, rents  out  only  seven  private  desks  and 
uses  the  rest  of  its  space  as  a  common  area  that 
has  a  full  library,  meeting  areas  that  come  with 
white  boards  and  a  projector,  and  a  popcorn 
machine.  Citizen  Space  co-founder  Tara  Hunt 


says  she  and  her  partner  Chris  Messina  de¬ 
signed  their  co-working  space  with  the  idea  of 
maximizing  sociability  and  idea-sharing. 

“When  you’re  an  independent  worker,  there 
are  times  when  you’re  hitting  a  wall  when  it 
comes  to  getting  new  ideas,” Hunt  says.“We  did¬ 
n’t  start  out  Citizen  Space  to  be  a  rent-a-desk 
sort  of  office.  Rather,  we  wanted  to  work  among 
really  smart,  turned-on  people.”  She  says  one  of 
the  most  interesting  aspects  of  Citizen  Space  is 
watching  how  people  get  into  daily  rhythms  of 
mixing  work  with  social  activity  Typically  peo¬ 
ple  will  mingle  briefly  at  the  beginning  of  the 
day  and  then  will  settle  down  and  work  for 
about  45  minutes  before  needing  a  break,  get¬ 
ting  a  cup  of  coffee  and  mingling  some  more. 
This  differs  from  coffee  shops,  she  says,  where 
people  generally  don’t  know  each  other,  and 
also  from  executive  suites,  where  too  much 


conversation  often  is  frowned  on. 

Of  course,  sociability  and  idea-sharing  are 
only  one  part  of  what  makes  co-working 
appealing.  Another  crucial  benefit  is  being 
able  to  share  costs  with  others  for  such  work 
essentials  as  Internet  connection,  phone  ser¬ 
vice,  office  supplies  and  rent.  Planck  says  that 
paying  $895  per  month  to  Affinity  Lab  guaran¬ 
tees  not  only  a  desk  but  also  two  DSL  pipes,  ref¬ 
erence  books,  a  kitchen  and  conference  room 
for  common  use,  a  color  copier  and  printer, 
and  24-hour  access  to  the  facility  A  $275 
monthly  membership  to  Independents  Hall  in 
Philadelphia  (www.nwdocfinder.com/2227) 
gets  workers  a  full-time  desk,  wireless  Internet 
connection,  equipment  storage  space  and  a 
conference  room. 

Beta  House  charges  $200  to  $400  per  month, 
per  desk,  and  rates  depend  on  how  much  time 
a  member  spends  working  in  the  space.  With 
12  people  working  out  of  the  space  at  any 
given  time,  Pierce  says  that  charging  in  the  $200 
to  $400  range  is  optimal  for  covering  the  site’s 
expenses,  which  he  says  run  an  average  of 
$3,000  to  $3,500  per  month. 

“Our  costs  are  pretty  much  equally  split 
among  our  members,”  he  says. 


A  philosophy  of  open  source  working 

People  who  operate  in  co-working  spaces 
often  refer  to  their  way  of  work  as  a  “move¬ 
ment.”  Although  co-working  spaces  have  sig¬ 
nificant  differences  in  their  services  and  cul¬ 
ture,  co-working  as  a  whole  generally  is  de¬ 
fined  by  four  major  values:  collaboration, 
openness,  community  and  sustainability. 
Essentially,  co-working  spaces  encourage 
their  members  to  share  as  many  of  their 
ideas  with  each  other  as  possible  and  not  to 
feel  they’re  in  competition  with  their  co¬ 
working  colleagues. This  principle  is  encour¬ 
aged  by  all  major  co-working  spaces, 
although  different  spaces  have  different 
methods  of  prodding  their  members  into 
being  more  open.  Citizen  Space,  for  instance, 
explicitly  prohibits  its  members  from  signing 
nondisclosure  agreements  (NDA)  with  one 
another.  Affinity  Lab,  on  the  other 
hand, has  no  specific  policy  on  NDAs, 
but  Planck  says  that  all  members 
must  be  “people  who  work  and  play 
well  with  others.” 

While  none  of  the  co-workers  inter¬ 
viewed  for  this  story  say  they  ever 
have  encountered  a  situation  where 
two  people  employed  by  competing 
firms  ever  had  to  inhabit  the  same  co¬ 
working  spaces,  they  do  concede  that 
such  a  situation  could  easily  arise.  In 
that  case,  they  say  the  two  parties 
would  be  encouraged  to  talk  openly 
with  each  other,  and  they  would  have 
to  understand  that  their  rivalry  does 
not  exist  within  the  confines  of  the 
co-working  area. 

“We’re  a  community  space  first,  and 
that  means  the  people  who  work  here 
come  first,  and  the  companies  they 
work  for  come  second,”  says  Alex 
Hillman,  one  of  the  co-founders  of 
Independents  Hall. 

Of  course,  this  model  of  openness  has 
given  many  employers  and  investors  pause. 
When  Beta  House  member  and  co-founder 
Greg  Gibson  started  raising  capital  to  start 
his  own  virtual  goods  business,  many  ven¬ 
ture  capitalists  expressed  concern  about  co¬ 
working  sites’  vulnerabilities  to  hacking  and 
other  security  threats.  While  he  understands 
these  concerns,  Beta  House’s  password- 
secured  wireless  cable  modem  still  is  a  more 
secure  connection  than  what  most  telework¬ 
ers  use,  he  notes. 

“We  actually  had  quite  a  bit  of  pushback 
from  some  of  the  investors  about  being  locat¬ 
ed  in  a  space  like  this,”  Gibson  says.  “Their 
concerns  were  mostly  security,  confidentiali¬ 
ty,  and  concern  that  the  guy  next  to  you  is 
going  to  steal  your  ideas.  And  we  had  to  do 
quite  a  bit  of  work  to  explain  the  benefits  vs. 
the  risks.” 

And  what  about  investors  who  insist  on 
fretting  about  the  Beta  House’s  Internet 
security?  “We  tell  them, ‘Hey,  it’s  much  less  of 
a  worry  here  than  it  would  be  at  Starbucks,”’ 
Gibson  says.  ■ 


Co-working  provides  people  with  the  sociability 
and  cost-sharing  of  an  office. 
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Oracle  and  BEA: 

A  hostile  takeover  may  be  coming. 


What  happened? 

Or  nothing  at  all. 


Oracle  and  BEA:  a  hostile  takeover? 

Oracle  needed  18  months  to  complete  a  hostile  takeover  of  PeopleSoft, 
purchasing  the  rival  vendor  for  $10.3  billion  in  December  2004.The  early  days 
of  Oracle's  bid  for  BEA  Systems  do  not  seem  promising  if  Oracle  wants  a 
friendly  takeover.  Here’s  a  look  at  what’s  happened  so  far. 

Oct.  9:  Oracle  offers  to  buy  BEA  for  $17  per  share,  the  equivalent  of  $6.7  billion. 

Oct.  11:  BEA  letter  rejects  offer,  saying  “BEA  is  worth  substantially  more  to  Oracle.” 

Oct.  12:  A  day  after  being  rejected,  Oracle  goes  public,  issuing  press  release  detailing 
its  offer  for  BEA  and  hopes  for  a  "friendly  transaction." 

Oct.  22:  BEA  rejects  Oracle  offer  for  a  second  time. 

Oct.  23:  Oracle  letter  to  BEA  demands  shareholder  vote  on  an  acquisition  agreement 
within  five  days,  saying  no  other  company  has  offered  a  better  deal. 

Oct.  23:  (later  in  the  day):  BEA  says  its  board  is  unanimously  opposed  to  Oracle’s  offer, 
but  says  it  would  be  open  to  selling  for  a  “reasonable  price." 

Oct.  25:  BEA  takes  the  initiative,  saying  it  will  consider  selling  to  “third  parties  including 
Oracle”  at  a  price  of  $21  per  share. 

Oct.  25:  (later  in  the  day):  Oracle  calls  BEA’s  proposal  “impossibly  high"  and  says  it 
won't  raise  its  offer  of  $17  per  share. 


BY  JON  BRODKIN 

Despite  consistent  pressure  from  acquisi¬ 
tion-happy  Oracle,  leadership  at  BEA  Systems 
is  standing  firm  against  the  software  giant. 
After  Oracle  threatened  to  pull  its  $6.7  billion 
offer  for  BEA  off  the  table,  BEA  didn’t  cave:  It 
demanded  more  money 

What  happens  next  may  be  anyone’s  guess. 
“There’s  information  the  public  knows,  and 
there’s  information  really  known”  only  by  each 
company’s  board  of  directors,  notes  Ari 
Kaplan,  president  of  the  Independent  Oracle 
Users  Group  (IOUG). 

Oracle  offered  to  purchase  BEA  for  $17  per 
share  on  Oct.  9  and  was  promptly  rebuffed.  In 
the  pursuer’s  latest  move,  Oracle  president 
Charles  Phillips  sent  a  letter  to  BEA’s  board 
demanding  that  BEA  let  shareholders  vote 
on  an  acquisition  agreement.  In  response, 
BEA  on  Oct.  25  proposed  a  purchase  amount 
of  $21  per  share,  inviting  “third  parties  includ¬ 
ing  Oracle”  to  bid  at  that  price.  Oracle 
already  has  rejected  the  $21  price  as  “impos¬ 
sibly  high”  and  said  it  refuses  to  budge  from 
the  $  1 7-per-share  offer. 

That  could  be  just  the  beginning  of  a  long, 
drawn-out  process,  even  though  both  com¬ 
panies  have  said  they  want  to  avoid  a 
lengthy  ordeal. 

Instead  of  rejecting  outright  any  attempt  at 
an  acquisition,  BEA  clearly  is  open  to  being 
acquired  if  it  gets  the  right  price.“BEAs  Board 
has  not  indicated  that  it  would  be  opposed  to 
a  transaction  that  appropriately  reflects  BEAs 
value,  reached  through  a  reasonable  process,” 
BEAs  William  Klein,  vice  president  of  business 
planning  and  development,  wrote  in  an 
Oct.  23  letter  to  Oracle  President  Charles 
Phillips,  hours  after  Oracle  threatened  to  take 
its  offer  out  of  play“If  Oracle  is  genuinely  inter¬ 
ested  in  acquiring  BEA,  you  are  fully  capable 
of  proposing  a  reasonable  price  to  the  BEA 
Board  or  taking  any  offer  you  wish  directly  to 
BEA  shareholders.” 

If  BEA  has  a  poison-pill  provision  in  its 
bylaws,  that  would  prevent  an  acquisition 
without  agreement  from  the  board  of  direc¬ 
tors,  says  Brad  Shimmin,  principal  analyst  for 
application  infrastructure  at  Current  Analysis. 
If  that  is  the  case,  Oracle  could  go  to  court  “to 
have  [the  poison  pill]  removed  and  swoop  in 
and  do  a  hostile  takeover,”  he  says. 

“I  don’t  think  [Oracle  is]  threatening  to  pull 
the  bid,  so  much  as  they  are  stating  that  they 
believe  it’s  a  fair  bid  and  they  hope  BEA  recon¬ 
siders,”  Shimmin  said  before  BEAs  $21-per- 
share  proposal. “1  don’t  think  it’s  really  a  ques¬ 
tion  of  showmanship  for  the  money.  I  think  if 
BEA  does  not  reconsider . . .  then  Oracle  very 
likely  could  start  a  legal  process  to  make  the 
acquisition  go  through.” 


Shimmin  is  not  expecting  a  bidding  war 
between  Oracle  and  other  potential  buyers, 
“because  other  vendors  who  were  possibili¬ 
ties  have  all  denied  any  interest  in  [buying 
BEA] ,”  he  says. 

SAPfor  example,  will  not  try  to  purchase  BEA 
because  there  is  too  much  overlap  in  the  com¬ 
panies’  technology  CEO  Henning  Kagermann 
reportedly  has  said. 

At  BEA  rival  JBoss,  a  middleware  vendor 
owned  by  Red  Hat,  general  manager  Sacha 
Labourey  predicted  that  BEA  will  give  in  to 
pressure  from  investors  and  sell  to  Oracle. 

BEAs  product  lines  include  AquaLogic,  soft¬ 
ware  to  help  develop  and  manage  service- 
oriented  architecture  (SOA)  components,  and 
other  products  to  integrate, secure  and  govern 
the  services  deployed  in  an  SOA.  BEA  also 
makes  the  WebLogic  platform,  a  set  of  prod¬ 
ucts  including  an  application  server  and  por¬ 
tal  that  supports  Web  2.0  technologies  with 
rich  user  interfaces  and  mashups. 

Deal  could  benefit  BEA  customers 

An  Oracle-BEA  deal  probably  would  benefit 
BEA  customers,  and  would  be  great  for  Oracle, 
giving  the  vendor  a  huge  advantage  over  SAP 
in  SOA-based  applications,  Shimmin  says. 

If  you  don’t  hear  anything  within  the  next 
couple  of  weeks,  however,  this  deal  might  not 
happen  at  all,  says  James  Kobielus,  principal 
analyst  for  data  management  at  Current 
Analysis.  “If  anything’s  going  to  happen,  it’s 
going  to  have  to  happen  in  the  next  week  or 


two,”  he  says.  “If  there’s  not  a  counterbid  or  a 
new  bid  from  Oracle  in  the  next  couple  of 
weeks,  don’t  expect  anything  after  that.  ” 

Many  Oracle  customers  also  use  products 
from  BEA,  which,  because  of  WebLogic,  is  the 
“worldwide  leader  in  Java-based  application 
servers,”  according  to  the  IOUG’s  Kaplan. 

Oracle  has  done  a  good  job  continuing  to 
support  products  from  companies  it  has 
acquired,  but  the  effect  of  any  acquisition  on 
customers  is  always  an  unknown,  Kaplan  says. 
“Oracle  has  done  cooperative  takeovers. 
Oracle  has  done  hostile  takeovers,  PeopleSoft 
is  a  good  example,”  he  says. “In  the  end,  what 
we’re  concerned  about  is  on  the  customer 
side:  Is  the  technology  a  value  to  customers?  Is 
any  of  the  technology  going  to  be  thrown  out, 
or  [no  longer  supported]?” 

Oracle  hasn’t  let  its  ambition  to  purchase 
BEA  prevent  it  from  making  other  acquisitions. 
Oracle  announced  Wednesday  it  has  agreed  to 
buy  Interlace  Systems,  which  makes  strategic 
operational  planning  software.  Interlace  would 
be  Oracle’s  10th  acquisition  of  2007. 

An  Oracle-BEA  deal  would  be  practically  a 
match  made  in  heaven,  argues  David 
O’Connell,  a  senior  analyst  at  Nucleus  Re¬ 
search.  BEA  has  the  technology  to  integrate  a 
lot  of  the  applications  Oracle  sells,  and 
Oracle’s  offer  of  $6.7  billion  seems  to  be  a  fair 
one,  he  says.  “If  Oracle  uses  BEA  well,  it  can 
have  a  more  seamlessly  integrated  product 
offering  than  its  rivals,  and  that  would  be  a  sig¬ 
nificant  competitive  advantage,”  he  says.B 
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Nick  Stafford,  IT  Operations  Manager,  Cabela's 
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Start-ups  get  VC  cash  infusion 

Femtocells,  wireless  LANs  and  archiving  among  focus  areas 


BY  CARA  GARRETSON 

You  probably  haven’t  heard  of  most  of  these 
seven  companies  —  yet. 

Amid  the  $2.7  billion  invested  by  venture 
capitalists  in  372  private  companies  targeting 
enterprise  IT  customers  during  the  third  quar¬ 
ter,  a  handful  of  start-ups  stand  out  as  particu¬ 
larly  promising.  Venture  capitalists,  always  on 
the  look  out  for  the  next  big  thing,  are  pouring 
money  into  these  companies  in  the  hope  that 
their  technologies  soon  will  become  staples  of 
corporate  networks. 

A  special  slice  done  for  Network  World  (see 
complete  results  at  www.nwdocfinder.com 
/2250)  of  the  MoneyTree  Report,  compiled  by 
PricewaterhouseCoopers  and  the  National 
Venture  Capital  Association  based  on  data 
from  Thomson  Financial, shows  that  third-quar¬ 
ter  investments  in  network-related  companies 
are  down  slightly  from  the  $2.9  billion  invested 
in  the  second  quarter,  and  have  been  hovering 
in  the  same  range  for  the  past  few  years  (see 
graphic).  The  report  defines  network-related 
companies  as  those  from  market  segments 
including  security,  wireless,  telecommunica¬ 
tions,  the  Internet  and  software. 

With  newer  investment  categories,  such  as 
reusable  energy,  and  flashier  ones,  such  as 
consumer  electronics,  taking  up  investors’ 
attention,  start-ups  aiming  at  the  mature, 
enterprise  IT  market  need  to  come  up  with 
truly  innovative  technology  to  stand  out.  And 
with  the  IPO  market  for  technology  compa¬ 
nies  still  just  a  shadow  of  its  former,  Internet- 
boom  self,  these  companies  also  need  strong 
hopes  for  profitability 

“Enterprise  is  not  the  easy  place  it  used  to 
be”  for  returns  on  investments,  says  Pascal 
Luck,  managing  director  of  Core  Capital  in 
Washington,  D.C.“But  as  with  any  space,  innov¬ 
ative  technology  is  always  interesting,  and 
always  a  good  investment.” 

Highlighted  here  are  seven  companies  that 
received  more  than  $20  million  in  funding  dur¬ 
ing  the  third  quarter. They  haven’t  gotten  much 
attention, but  are  aiming  to  bring  innovation  — 
directly  or  indirectly  —  to  enterprises. 

With  a  fresh  $20  million  behind  it  from 
Kleiner  Perkins  Caufield  &  Byers,  Lightspeed 
Venture  Partners,  and  Northern  Light  Venture 
Capital,  Aerohive  Networks  is  aiming  to  make 
wireless  LANs  (WLAN)  simpler  and  less 
expensive.  The  company,  founded  in  2006, 
launched  its  HiveAP  product  line  in  May.  This 
architecture  eliminates  the  WLAN  controller, 
instead  pushing  network  control  and  data  for¬ 
warding  to  WLAN  access  points  at  the  edge  of 
the  network,  the  company  says.  Aerohive’s 
products  also  are  optimized  for  voice-over- 
WLAN  applications,  it  says. 

Atempo,  which  makes  data-protection  and 


Network  deals  stagnant 

After  hitting  a  high  of  4,589  deals 
totaling  $68  billion  in  2000, 
investments  in  network-related 
companies  targeting  the  enterprise 
have  languished: 


Number 

Dollars 

Year 

of  deals 

invested 

2001 

2,578 

$26  billion 

2002 

1,784 

$13  billion 

2003 

1,634 

$11  billion 

2004 

1,654 

$12  billion 

2005 

1,614 

$11  billion 

2006 

1,678 

$11  billion 

2007  (to  date) 

1,198 

$8  billion 

Source:  MoneyTree  Report,  compiled  by 
PricewaterhouseCoopers  and  the  National 
Venture  Capital  Association  based  on  data 
fromThomson  Financial.  The  report  defines 
networking-related  companies  as  those  from 
market  segments  including  security,  wireless, 
telecommunications,  the  Internet  and  software. 


archiving  software,  plans  to  put  the  $22  million 
it  received  from  Intel  Capital,  Ridgewood 
Capital  Management  and  Steelpoint  Capital 
Partners  to  work  expanding  its  product  line 
and  global  presence,  company  officials  say 

Going  up  against  such  storage  giants  as  EMC 
and  Network  Appliance,  Atempo’s  software  for 
Windows,  Linux  and  Unix  servers  is  based  on  a 
data-management  framework  that  automati¬ 
cally  adjusts  to  a  specified  level  of  data  protec¬ 
tion  and  security 

Azul  Systems  could  be  called  the  company 
that  almost  wasn’t.  Last  month  a  $41  million 
bailout  came  the  way  of  the  server  appliance 
maker  with  investments  from  Accel  Partners, 
Austin  Ventures,  ComVentures,  Redpoint  Ven¬ 
tures  and  Worldview  Technology  Partners.  The 
company  which  was  founded  by  former  Sun 
executives,  in  June  settled  a  patent-infringe 
ment  lawsuit  brought  by  the  computing  giant. 
Just  before  these  venture  capitalists’  checks 
were  cashed,  Azul  was  laying  off  employees 
and  rumored  to  be  looking  for  a  buyer;  now 
the  company  intends  to  use  the  money  to  fur¬ 
ther  plans  for  its  network-attached  processing 
products  it  sells  to  large  enterprises  running 
Java  applications.  The  company’s  appliance 
pools  server  processing  power  for  Java-based, 
transaction-intensive  applications  to  maximize 
their  performance.  According  to  IDC,  sales  of 
enterprise  servers  to  power  Java  applications 
reached  $11.2  billion  in  2005. 


Novarra,  which  received  $34  million  from 
Colorado  Investment  Securities,  Fort  Washing¬ 
ton  Capital  Partners  Group,  JK&B  Capital,  Kettle 
Partners  and  Qualcomm  Ventures,  makes  a 
Web  browser  for  mobile  phones  that  reformats 
Web  sites  designed  for  PC  screens  only  Users  of 
the  technology  are  mobile  operators,  handset 
makers  and  Web  content  providers,  but  enter¬ 
prises  would  also  benefit  from  providing 
mobile  workers  better  access  to  more  sites.The 
six-year-old  company  has  struck  deals  with 
Vodafone, Palm, U.S.  Cellular  andYahoo.In  addi¬ 
tion  to  the  browser,  Novarra  offers  the  Novarra 
Engines  for  Wireless  Data  Product  Suite,  which 
gives  companies  client  and  server  offerings 
that  can  be  placed  behind  a  corporate  or  car¬ 
rier  firewall  to  extend  applications  to  mobile 
devices  securely 

Plato  Networks,  which  received  $20  million 
in  funding  from  Crosslink  Capital,  Granite 
Ventures  and  STIC  Investments,  is  a  fabless 
semiconductor  company  that  says  its  commu¬ 
nications  integrated  circuits  will  bring  energy 
efficiency  to  the  data  center. The  three-year-old 
company,  still  operating  in  stealth  mode,  will 
use  the  new  cash  to  speed  up  development  of 
its  ultra-low-power  lOGbps  Ethernet  products. 
By  combining  analog  techniques  with  digital- 
signal  processing,  the  company’s  offerings  will 
help  enterprises  save  on  power  required  by 
data-center  equipment,  officials  say 

Tatara  Systems  received  $29  million  from 
Highland  Capital  Partners,  North  Bridge 
Venture  Partners  and  undisclosed  individuals 
to  continue  work  on  its  femtocells,  or  indoor 
base  stations  for  wireless  communications. 
The  technology  is  designed  to  improve  in- 
home  and  small-office  mobile  coverage,  let¬ 
ting  carriers  provide  enhanced  IP  services  for 
mobile  phone  customers,  officials  say. 
Femtocells  connect  to  a  service  provider’s 
network  via  broadband  connections  to 
extend  service  coverage  indoors,  and  route 
mobile  phone  traffic  through  an  IP  network. 
The  six-year-old  company  lists  NEC  and  Bell 
Mobility  among  its  customers. 

Apparently  Greylock  Partners  agrees  with 
our  nomination  earlier  this  year  of  Workday 
as  one  of  10  enterprise  software  companies 
to  watch;  the  venerable  venture  capital  firm 
alone  invested  $20  million  in  the  company 
in  the  third  quarter.  Two-year-old  Workday 
provides  a  suite  of  ERP  services,  including 
human  capital,  revenue,  resource  and  finan¬ 
cial  management.  The  company  was  co¬ 
founded  by  PeopleSoft  founder  Dave 
Duffield  and  is  pitting  its  service  model 
against  ERP  giants  SAP  and  Oracle.  It  names 
Salesforce.com,  Kana  Software,  Covad 
Communications  and  RightNow  Technolo¬ 
gies  among  its  customers.  ■ 
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Who  has  the  widest  range  of 
KVM  solutions  in  the  world? 


ATEN 


On  a  scale  of  1  to  1 0...  ATEN 

The  leading  KVM  switch  solutions  provider 
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manufacturer  in  the  personal/desktop  KVM  market  and 
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Internet  on  the  road:  good  where  inexpensive 


Atrip  I  took  last 
week  to  New 
Mexico  for  a  con¬ 
ference  and  a  few  days 
of  driving-around  vaca¬ 
tion  reinforced  my 
assumptions  about  the 
craziness  of  the  Wi-Fi 
business  these  days: 
The  fancier  the  hotel, 
the  more  expensive 
and  the  poorer  the 
quality  of  Internet  service. 

I  stayed  at  three  different  hotels  during  this 
trip  —  a  Hyatt  Regency  a  Comfort  Inn  and  a 
Courtyard  by  Marriott  —  and  I  flew  through 
three  airports.  By  far  the  highest-speed  and  eas- 
iest-to-use  Internet  service  was  found  in  the 
Comfort  Inn.  All  I  had  to  do  was  select  the 
access-point  Service  Set  Identifier  and  go.  No 
agreements  to  click  through  or  forms  to  fill  out. 

The  service  was  “free”  —  that  is,  included  in 
the  very  inexpensive  rate  for  the  Spartan  but 
fully  adequate  room. 

Internet  service  at  the  Albuquerque  airport 
was  almost  as  easy  —  also  free  but  requiring  a 
click-through  agreement  to  be  a  good  Internet 
user. 

The  cost  of  the  Internet  service  at  the 
Courtyard  by  Marriott  also  was  built  into  the 
quite  inexpensive  room  rate.  The  service  was 
not  as  easy  to  use  as  that  at  the  Comfort  Inn  or 
the  Albuquerque  airport.  It  was  wired  rather 


than  wireless,  but  they  provided  the  cable,  so 
that  was  not  a  problem.  But  they  wanted  me  to 
give  them  my  name  and  e-mail  address,  as  well 
as  to  agree  not  to  abuse  the  service. 

Denver’s  airport  had  fee-based  wireless  ser¬ 
vice  through  AT&T — the  standard  sort  of  thing 
where  I  provided  credit  card  information  and 
accepted  their  use  agreement,  and  AT&T 
charged  my  Amex  card  $7.95  for  24  hours  of 
use,  even  though  I  was  going  to  be  there  less 
than  two  hours. 

That  leaves  the  Hyatt  Regency  This  is  not  a 
case  of  leaving  the  best  until  last. 

No  free  Internet  service  here  in  spite  of  a 
room  rate  that  was  more  per  day  than  that  of 
the  other  two  hotels  combined. The  room  was 
far  from  Spartan,  but  there  were  few  useful  dif¬ 
ferences  between  the  Hyatt  and  Courtyard  by 
Marriott  rooms  other  than  square  feet  of  floor 
space  —  quite  a  bit  of  which  was  taken  up  by 
a  bed  bigger  than  the  kitchen  in  my  first  apart¬ 
ment  and  covered  by  enough  pillows  for  a 
baseball  team. 

The  Hyatt  offered  wireless  Internet  service 
from  T-Mobile.  I  had  to  pick  up  scratch  cards 
from  the  hotel  check-in  desk  that  were  good 
for  a  day  and  which  dutifully  were  put  on  my 
bill  for  the  conference-special  price  of  about 
$5  each  (I’ve  seen  prices  as  high  as  $21  in  other 
“good”  hotels). 

As  far  as  I  can  tell,  T-Mobile  does  not  have 
anyone  on  staff  that  understands  user  inter- 
faces.There  were  eight  to  10  things  I  had  to  fill 


in  just  to  get  going,  including  my  name  and 
contact  information  even  though  I  was  using  a 
prepaid  card.  After  all  of  that,  I  got  an  account 
setup  and  had  to  log  on  to  the  account  —  why 
I  couldn’t  just  start  using  the  account,  I  do  not 
know. 

On  top  of  all  the  steps,  Firefox  reported  that 
the  account  name  and  password  were  sent 
unencrypted  on  the  wireless  network  —  not 
exactly  a  security  feature.  The  worst  feature  of 
the  service  was  that  there  seemed  to  be  no 
way  to  extend  an  account  with  a  new  scratch 
card  —  there  was  a  button  that  promised  to  do 
that,  but  all  the  button  did  was  show  me  a 
screen  that  said  what  I  wanted  to  do  was 
incompatible  with  the  account  I  had.  Thus,  I 
had  to  create  a  new  account  every  day  with  a 
different  logon  name  because  the  one  I  had 
was  now  in  use.  In  addition,  the  service  was 
quite  a  bit  slower  than  at  the  Comfort  Inn. 

Why  is  it  that  the  fancier  the  hotel,  the  more 
they  want  to  ding  you  for  so  many  things  after 
charging  you  an  exorbitant  room  rate?  Safe  to 
say  that  I  only  stay  at  these  places  when  some¬ 
one  else  is  paying  and  I  have  to  because  it’s  the 
conference  hotel.  I’d  rather  stay  in  a  place  that 
is  more  on  a  human  scale  and  I  know  upfront 
what  it  will  cost. 

Disclaimer:  Harvard  University  rarely  stays  in 
hotels, so  the  above  observation  is  mine  alone. 

Bradner  is  Harvard  University's  chief  security 
officer.  He  can  be  reached  at  sob@sobco.com. 
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Divided,  we  fall 


I’ve  always  believed  in  the  importance  of 
maintaining  a  well-designed  emergency 
response  capability  For  many  years  I  helped 
organize  security  operations  centers,  computer 
emergency  response  teams  and  incident 
response  teams.  No  company  is  ever  100% 
secure.  Breaches  happen  and  will  continue  to 
happen.  Secure  companies  are  the  ones  that 
are  able  to  efficiently  and  effectively  mitigate 
Andreas  Antonopoulos  the  damage  from  a  security  incident.  Looking 
-  back,  I  would  probably  do  things  a  bit  different¬ 
ly  now.  A  key  difference  would  be  the  balance 
between  company  privacy  and  involvement  of  law  enforcement. 

The  response  plan  has  to  include  a  policy  on  the  involvement  of  law 
enforcement,  both  whether  law  enforcement  is  involved  and  when  they 
are  notified.  Today  it  seems  that  most  companies  choose  to  “handle 
things  quietly”  to  avoid  reputation  damage.  Thus  law  enforcement  is 
most  often  not  notified. 

Numerous  statistics  back  this  assertion,  but  the  most  telling  is  the 
effect  of  SB  1386,  the  “sunshine  law”  Ever  since  the  passage  of  SB  1386 
required  companies  to  notify  victims  of  identity  theft,  there  has  been  a 
deluge  of  reports  of  stolen  laptops  and  lost  backup  tapes.  It’s  not  as  if 
these  things  didn’t  happen  before,  only  that  the  reporting  rate  was 
probably  lower  than  1%.  If  that’s  the  case  in  identity  theft,  you  can  bet 
that  disclosure  rates  on  cybercrime  not  covered  by  SB  1386  remain 
abysmally  low. 

It’s  time  that  companies  revisit  the  policy  of  nondisclosure.  It’s  feeding 
a  cybercrime  beast  that  is  getting  increasingly  larger.  Not  only  is  cyber¬ 
crime  lucrative,  but  compared  with  any  other  kind  of  crime  it  is  quite 
low  risk,  partly  because  companies  don’t  pursue  prosecutions. 


There  are  many  reasons  why  a  company  would  choose  to  keep  things 
quiet: 

•  Concern  about  negative  publicity 

•  Fear  of  retaliation. 

•  Low  expectation  of  prosecution  (especially  with  attacks  from  other 
countries). 

•  Concern  about  intellectual  property  leaking  in  a  court  case. 

These  are  all  valid  reasons,  but  they  tend  to  emphasize  short-term 

benefits  over  longer-term  damage.  Reputation  risk  is  becoming  less  of 
an  issue.  In  a  way  the  deluge  of  publicized  breaches  makes  it  obvious 
to  consumers  that  no  company  is  immune  or  100%  secure.  In  most 
cases  the  damage  to  stock  prices  is  only  temporary  Law  enforcement 
agencies  are  getting  much  better  at  protecting  the  victims  from  being 
revictimized  through  the  legal  process.  The  Department  of  Justice  has 
published  best  practices  to  protect  companies  that  report  cybercrime 
hoping  to  improve  reporting  rates. 

But  the  bottom  line  is  simple: The  damage  caused  by  nonreporting  is 
long  term  and  devastating.  Infinite  tolerance  (the  current  policy  of  non¬ 
reporting)  leads  to  low  risk  for  cybercriminals.  When  companies  hide 
crime,  they  harm  themselves  indirectly:  burdensome  regulations,  popu¬ 
lar  backlash,  criminal  impunity  glamorization  of  cybercrime. The  iden¬ 
tify  theft  market  grew  more  than  60%  last  year,  and  that’s  just  the  tip  of 
the  iceberg  that  SB  1386  reveals. 

To  beat  cybercrime  we  have  to  report  it.  Get  to  know  your  local  U.S. 
attorneys  and  FBI  agents  and  build  a  relationship  today  —  before  you 
become  a  victim. Then  stand  united. 

Antonopoulos  is  senior  vice  president  and  founding  partner  at 
Nermetes  Research ,  a  technology  research  firm.  He  can  be  reached  at 
andreas@nermetes.  com. 
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Soft  hardware:  the  joys  of  virtual  appliances 


For  all  of  my  more  than  25  years  in  IT,  the  “soft¬ 
ware  vs.  hardware”  debate  has  raged  on. 
During  that  time,  their  benefits  were  mutual¬ 
ly  exclusive.  In  many  instances,  software  gave  us 
total  flexibility,  but  hardware  gave  us  reliability 
and  performance.  As  with  most  things  in  life, 
there  were  trade-offs.  Now,  though,  it  appears  that 
virtualization  is  coming  to  the  rescue  —  again  — 
with  the  concept  of  virtual  appliances.  Perhaps 
you  can  have  it  all,  after  all. 

At  least  in  theory  a  virtual  appliance  gives  you 
the  flexibility  of  a  software-based  approach,  as 
well  as  the  plug-and-play  benefits  usually  associ¬ 
ated  with  stand-alone  appliances.  I  can’t  decide 
if  this  is  “hard  software”  or  “so ft  hardware,”  but  a  virtual  appliance  brings 
many  of  the  benefits  of  both. 

First  and  foremost,  the  appliance  —  and  by  extension  the  virtual 
appliance  —  leaves  component  integration  up  to  the  vendor.  For 
example,  if  the  service  being  deployed  stores  log  information  in  a  re¬ 
lational  database  such  as  MySQL,  the  base  operating  system  and  that 
component  are  loaded  and  tested  by  the  vendor. 

That  might  sound  simple  but  typically  it  is  not.  For  starters,  given  the 
modular  approach  that  vendors  take  in  building  systems  (and  this  is  the 
way  it  should  be  done),  it  is  quite  common  for  many  building  blocks  to 
be  required  to  build  a  finished  system.  If  you  take  the  software  route,  the 
user  is  responsible  for  loading  all  of  the  prerequisite  building  blocks. 
That  can  be  quite  time-consuming  and  rife  with  possible  errors  should 
the  components  not  be  loaded  in  the  proper  order.  When  you  take  the 
virtual  appliance  route,  those  environmental  responsibilities  become 
someone  else’s  concern. 

If  you  take  the  traditional  hardware  route,  you  generally  are  stuck 
with  whatever  base  platform  you  purchased.  It  isn’t  often  that  ven¬ 


dors  will  swap  out  old  appliances  for  new  ones  at  no  or  minimal 
charge.  Given  that  most  appliances  are  meant  to  be  “black  box” 
devices  —  not  to  be  tinkered  with  by  the  buyer  —  it’s  also  not  usual 
or  customary  to  offer  extensive  in-place  hardware  upgrades  of  key 
components,  such  as  CPU  or  RAM.  Thus,  the  platform  ultimately  can 
become  your  greatest  limitation.  The  vendor  might  get  to  a  point 
where  the  software  and  firmware  upgrades  that  provide  new  func¬ 
tions  can’t  run  on  the  platform  that  you  purchased.  Then,  your  only 
option  might  be  a  forklift  upgrade. 

Once  again,  a  virtual  appliance  does  away  with  these  particular  limi¬ 
tations  and  concerns.  Because  the  hardware  is  virtual,  the  vendor  can 
provide  you  with  a  new,  fully  integrated  machine  as  a  downloadable 
image  you  can  boot  and  run.  Because  other  potential  constraints  — 
CPU,  disk,  RAM  —  are  virtual  as  well, your  appliance  can  get  instant  ben¬ 
efits  from  any  hardware  upgrades  to  the  physical  machine.  And  again, 
because  each  appliance  is  virtual,  one  physical  system  can  run  multi¬ 
ple  virtual  appliances. 

Any  drawbacks?  Well,  I’m  always  concerned  about  performance. 
For  in-line  appliances,  such  as  intrusion-prevention  devices  or  fire¬ 
walls,  dedicated  hardware  always  has  been  the  best  way  to  assure 
high  throughput  and  minimal  latency. 

In  the  past,  many  of  these  appliances  had  specially  designed  hard¬ 
ware  that  would  accelerate  particular  functions,  for  example,  deep 
packet  inspection. 

Today  however,  we  are  seeing  multiple,  multicore  CPU  systems  taking 
on  many  of  the  jobs  done  in  the  past  by  dedicated  hardware.  In  addi¬ 
tion,  new-generation  systems  take  a  hypervisor  approach  to  communi¬ 
cate  directly  with  underlying  hardware.  Still,  there  is  nothing  like  actual 
numbers  to  put  performance  concerns  to  rest. 

Tolly  is  president  and  CEO  of  the  Tolly  Group.  He  can  be  reached  at  ktol- 
ly@tolly.com. 
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Social  networks  and  the  wisdom  of  crowds 
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Johna  Till  Johnson 


*|ps  here’s  a  lot  of  buzz  lately  about  the  concept 
of  social  networking.  You’ve  got  to  admit 
■  the  phrase  is  pretty  silly  First  off,  it’s  redun¬ 
dant:  Networks,  by  definition,  are  already  social 
—  they  connect  humans.  Plus,  what’s  the  oppo¬ 
site  —  “antisocial  networking”?  Going  online  to 
tell  everyone  how  much  you  hate  them? 

But  despite  the  silly  name,  the  basic  concept  is 
pretty  exciting.  It  refers  to  the  fact  that  network¬ 
ing  technology  is  leading  to  all  kinds  of  new 
and  interesting  ways  for  humans  to  interact. 
One  of  those  is  crowdsourcing  —  the  notion 
that  people  in  the  aggregate  can  provide  more 
accurate  information  than  individual  experts. 

The  reasoning  is  that  crowds  can  be  self-correcting.  If  a  large  number 
of  people  are  able  to  correct  one  another’s  errors  —  whether  made  out 
of  ignorance  or  bias  —  the  results  will  be  overall  more  reliable  than  the 
output  of  any  individual  (or  small  group).  The  canonical  example  is 
Wikipedia,  which  is  by  pretty  much  any  measure  at  least  as  accurate  as 
a  traditional  encyclopedia,  and  considerably  more  timely  Another 
example  is  the  reader  reviews  on  Amazon.com. 

But  we  need  to  be  aware  of  the  limits  of  the  wisdom  of  crowds.  I’m 
reminded  of  the  wonderful  Robert  Heinlein 
quote:  “Democracy  is  based  on  the  assump¬ 
tion  that  a  million  men  are  wiser  than  one 
man.  How’s  that  again?  . .  .Autocracy  is  based 
on  the  assumption  that  one  man  is  wiser  than 
a  million  men.  Let’s  play  that  over  again,  too.” 

Replace  “democracy”  with  “crowdsourcing” 
and  “autocracy”  with  “individual  expertise”, 


and  you  see  the  problem  precisely  OK,  I’m  just  a  tad  biased.  My  liveli¬ 
hood  depends  on  my  perceived  expertise  (however  real  or  not), so  I’m 
naturally  a  bit  reluctant  to  imagine  that  I  could  be  replaced  by  an 
anonymous  crowd. 

But  there’s  a  bigger  reason  I’m  skeptical  of  crowdsourcing.  It’s 
another  social  networking  phenomenon  called  information  cas¬ 
cading.  Cascading  refers  to  the  demonstrated  fact  people  often 
change  their  opinions  based  on  those  of  others  —  without  having 
any  better  data. 

Researchers  Duncan  Watts,  Matthew  Salganik  and  Peter  Dodds 
demonstrated  this  phenomenon  in  a  study  published  last  year  in 
the  journal  Science.  More  than  14,000  participants  registered  at  the 
Web  site  Music  Lab  (www.musiclab.columbia.edu)  and  were  asked 
to  listen  to,  rate  and,  if  they  chose,  download  songs  by  bands  they 
had  never  heard  of.  Some  participants  saw  only  the  names  of  bands 
and  songs;  others  also  saw  how  many  times  the  songs  had  been  pre¬ 
viously  downloaded. 

The  upshot?  Bands  that  had  been  rated  highly  by  previous  partic¬ 
ipants  were  more  likely  to  be  rated  highly  by  subsequent  ones.  As 
the  researchers  reported, “The  impact  of  a  listener’s  own  reactions 
is  easily  overwhelmed  by  his  or  her  reactions  to  others.” 

Crowds,  in  other  words,  aren’t  quite  as  self-correcting  as  we’d  like  to 
believe.  Once  again,  Heinlein  put  it  well: 
“Wisdom  is  not  additive;  its  maximum  is  that  of 
the  wisest  man  in  a  given  group.” 
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Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research,  an  independent 
technology  research  firm.  She  can  be  reached  at 
johna  @nemertes.  com. 
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The  evolution  of  antivirus  software 


BY  CHIRANTAN  DESAI 

Reports  about  the  death  of  traditional  signature-based  antivirus  soft¬ 
ware  are  premature.  As  the  threat  landscape  evolves,  so  too  must 
antivirus  software  to  provide  both  signature-  and  behavioral-based 
protection.  Effective  endpoint  security  must  also  incorporate  technologies 
such  as  endpoint  firewall,  host  intrusion  prevention  and  network  access 
control. 


Until  recently  attackers  were  in  it  for  the  fame 
and  notoriety  of  hacking  a  corporate  network. 
Financial  gain  was  rarely  the  motivation.  This 
has  changed,  and  corporate  networks  have 
never  been  at  so  much  risk.  Attacks  are  increas¬ 
ingly  silent  and  insidious,  targeting  sensitive 
and  confidential  business  data. 

Twice  a  year  Symantec  releases  its  Internet 
Security  Threat  Report  (ISTR),  a  vendor-  and 
product-neutral  examination  of  the  current 
Internet  threat  environment.  ISTR  Vol.  XII, 
released  in  September  2007,  covers  the  period 
from  Jan.  1  to  June  30,  2007.  It  shows  a  dra¬ 
matic  increase  in  instances  of  data  theft,  data 
leakage  and  the  creation  of  targeted,  malicious 
code  for  the  purpose  of  stealing  confidential 
information  for  financial  gain. 

As  attackers  have  become  increasingly  finan¬ 
cially  motivated,  they  have  optimized  the  capa¬ 
bilities  of  a  broad  spectrum  of  attack  methods. 
MPack  is  a  notable  example  that  emerged  in 
the  first  half  of  2007.  This  commercially  avail¬ 
able  black-market  attack  tool  kit  incorporates 
malicious  code,  spam  and  exploits  for  Web 
browser  vulnerabilities.  It  can  launch  exploits 
for  browser  and  client-side  vulnerabilities 
against  users  who  visit  a  malicious  or  compro¬ 
mised  Web  site. 

Multistaged  attacks  often  incorporate  an  ini¬ 
tial  Trojan  that  downloads  a  back  door,  which 
in  turn  can  allow  the  attacker  to  set  up  a  phish¬ 
ing  Web  site.  This  suggests  that  exploit  code 
developers,  malicious  code  authors,  spam¬ 
mers  and  phishers  may  be  collaborating  for 
mutual  gains.  It  also  indicates  that  a  new  type 
of  attacker  has  emerged  who  is  versed  in  all 
types  of  attacks  and  is  extremely  flexible  in  his 
methodology  and  motives. 

The  multistage  methods  have  led  some  ana¬ 
lysts  to  question  the  value  of  traditional  signa- 

Got  great  ideas? 

H  Network  World  is  looking  for  great 
ideas  for  futureTech  Updates.  If  you’ve 
got  one,  and  want  to  contribute  it  to  a 
future  issue,  contact  Editor  in  Chief 

John  Dix  (jdix@nww.com) 


ture-based  antivirus  software. Yankee  Group 
Analyst  Andrew  Jaquith  in  December  2006 
published  a  paper“AntiVirus  is  Dead:  Long  Live 
Anti-Malware”  saying  his  objective  was  to  “bust 
everybody’s  bubble  that  (signature-based 
antivirus)  is  keeping  people  safe  and  the 
notion  it  will  solve  your  malware  problems.” 

Jaquith  is  not  alone  in  proclaiming  that  anti¬ 
virus  signatures  are  no  longer  effective  and 
companies  should  be  implementing  behav¬ 
ioral-based  technologies. This  reasoning,  while 
not  completely  wrong,  is  misguided.  It  is  cor¬ 
rect  that  proactive  behavior-based  technolo¬ 
gies  offer  the  best  protection  against  zero-day 
attacks  and  other  threats  based  on  characteris¬ 
tics,  not  signatures.The  number  and  frequency 
of  those  attacks  are  on  the  rise.  However,  signa¬ 
tures  remain  the  most  effective  tool  for  the 
accurate  detection  and  remediation  of  the 
thousands  of  existing  known  threats  that  are 


still  prevalent  on  the  Internet. 

Security  systems  and  policies  must  evolve  to 
take  a  more  proactive  approach  to  combating 
threats  by  leveraging  both  signature-  and 
behavioral-based  technologies  to  ensure  a  safe 
and  connected  environment. 

After  all,  employees  are  increasingly  mobile, 
needing  access  to  the  network  from  laptops 
or  smart  phones  while  they’re  at  home,  on  the 
road  or  at  a  local  coffeehouse.  Customers, 
contractors  and  partners  require  regular  and 
easy  access  to  at  least  parts  of  a  company’s 
data  stores. 

Therefore,  an  effective  endpoint  security  sys¬ 
tem  requires  more  than  antivirus. A  more  holis¬ 
tic  approach  will  require  adopting  additional 
security  technologies  such  as  firewalls,  host  in¬ 
trusion  prevention,  data  loss  prevention, 
mobile  device  protection  and  NAC. 

Although  Internet  security  threats  are  be¬ 
coming  more  silent  and  deadly,  signature- 
based  antivirus  technology  continues  to  play  a 
critical  role  in  fighting  known  threats. A  layered 
security  system  that  merges  signature-  and 
behavior-based  antivirus  technologies  with 
other  security  tools  will  enable  companies  to 
provide  authorized  personnel  access  to  their 
corporate  networks  while  keeping  external 
and  internal  threats  at  bay 

Desai  is  senior  director  of  Product  Manage¬ 
ment  at  Symantec. 
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Study  finds  3Com's  OSN 

delivers  an  innovative  new  Products  under  test 

3Com  Open  Services  Netwoi 

approach  to  building  networks 
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Average  Throughput  of  3Com  OSN  Module  to 
Switch-Attached  Laptop  Across  Fast  Ethernet 

(TCP  Stream  Test  with  Mixed  Packet  Sizes) 

Duration 

Avg.  Throughput 
(Mbps) 

Bytes  Transmitted 
(MB) 

10  seconds 

94.15 

123.4 

30  seconds 

94.13 

370.2 

5  minutes 

94.12 

3700 

.  J| 


An  in-depth  Tolly  Group  examination  of 
3Com  Corp.'s  Open  Services  Networking 
(OSN)  revealed  that  the  solution  enables 
enterprises,  service  providers  and  systems 
integrators  to  deliver  innovative,  flexible 
solutions;  develop  and  deploy  services 
faster;  simplify  network  management;  and 
achieve  lasting  investment  protection. 

OSN  is  a  communications  infrastructure  that 
enables  applications  to  run  inside  the  network 
and  address  a  range  of  issues  that  confront 
CIOs  and  network  designers.  OSN  makes  it 
possible  for  3Com  router  and  switching  plat¬ 
forms  to  run  a  variety  of  open  source  and 
best-of-breed  commercial  applications  to 
enable  a  range  of  network  services. 

Tests  demonstrated  OSN's  ability  to  support 
best-of-breed  applications  or  open  source-based 
applications  on  the  hardware,  giving  users  a  crit¬ 
ical  choice  in  how  they  wish  to  deploy  their 
application  base  and  manage  software  costs. 
Moreover,  tests  showed  that  the  OSN  module 
itself  is  based  on  a  recent,  up-to-date,  secure 
Linux  operating  system,  that  it  is  ready  to  host 
mission-critical  applications  such  as  voice  over 
IP  (VoIP)  and  that  it  supports  standard  IP  when 
interfacing  with  its  host  router. 

OSN  saves  on  capital  expenses  by  eliminating 
the  need  for  additional  appliances  and  reducing 
power  consumption.  From  an  operational 
expense  viewpoint,  OSN  enables  remote  deploy¬ 
ment  and  management  of  applications,  elimi¬ 
nating  on-site  technical  support. 

3Com  also  has  focused  OSN  on  serviceability 
and  control  to  reduce  the  cost  and 
complexity  of  servicing  network 


applications.  This  was  evident  by  the  tight 
integration  between  the  module  and  the  router 
or  switch  platform,  enabling  administrators  to 
control  applications  as  needed. 

Additionally,  tests  show  that  3Com  has  created 
OSN  with  security  in  mind,  ensuring  the  applica¬ 
tions  hosted  on  an  OSN  platform  are  protected 
behind  multiple  hardware  and  software  compo¬ 
nents.  Testing  validated  this  when  access 
control  lists  (ACLs),  network  address  translation 
(NAT)  and  firewall  connections  were  tested. 

Testing  also  demonstrated  that  OSN  is  capable 
of  running  enhanced  applications  that  required 


advanced  disk,  traffic  and  CPU  resources. 
Additionally,  testing  proved  that  OSN  is  easy  to 
use  and  to  deploy.  Simply  mounting  the  OSN 
software  and  bringing  up  the  OSN  modules  on  a 
3Com  router  required  a  matter  of  just  a  few  min¬ 
utes.  And  testing  also  demonstrated  that  OSN 
"auto-interfaces"  with  its  host  router  and  3Com 
has  furnished  simplified  administration  via  a 
Webmin  Open  Source  Web  portal  interface 

Finally,  tests  demonstrated  that  OSN  modules 
inside  the  router  or  switch  deliver  near  wire- 
speed  performance,  even  when  transmitting 
data  to  clients  behind  firewall  connections. 


•  Fosters  secure  applications  by  enabling  administrators 
and  firewall  operations 


•  Supports  multiple  monitoring  applications,  and  interoperability  with  SNMP- 
enabled  products  so  users  can  deploy  multiple  types  of  service  monitoring, 
tailored  to  a  specific  business  need 


View  the  full  report  at: 
h  ttp://www.  tolly.  com/DocDetail.  aspx  ?DocNumber= 207186 


Reflex  MG10  Network  Security  Switch 

repels  severe  attacks,  maintains  traffic  performance 
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Reflex  MG10  Maximum  Throughput 
Under  Attack  with  611  Unique  Threats 

(as  Reported  by  Avalanche  Cbmmander  7.51  and  Mu-4000) 


f  Attack  duration 

100  140  180  220  260  300  340  380  420  460  500 

Seconds  elapsed 


•  Maintains  average  maximum  throughput 
of  10.25  Gbps  even  when  device  is  pro¬ 
cessing  611  unique  threats  —  the  maxi¬ 
mum  attacks  supported  by  the  Mu-4000 
Security  Analyzer  with  Version  2.3.28 
attack  library 

•  Blocks  611  security  threats  out  of  611 
generated 

•  Sustains  throughput,  with  zero  failed 
transactions,  during  random  blade  failure 

•  Supports  almost  5.8  million  steady-state 
TCP  connections  over  two  10GbE  and 
eight  GbE  ports 


Tests  show  that  a  network  security 
switch  from  Reflex  Security  can  suc¬ 
cessfully  thwart  a  heavy  barrage 
of  attack  traffic  while  simultaneously 
processing  normal  application  traffic 
without  sacrificing  performance. 

Reflex  Security,  Inc.  commissioned  The 
Tolly  Group  to  examine  the  performance 
of  the  Reflex  MG  10,  a  network  switch 
that  employs  a  blade-based  Distributed 
Security  Architecture™  (DSA)  that 
provides  scalable  throughput  from  10 
Mbps  to  10  Gigabits  per  second  (Gbps). 
The  aim  was  to  understand  how  the 
MG  10  can  handle  normal  application 
traffic  while  also  handling  a  serious 
load  of  security  threats. 


Engineers  also  measured  the  number  of 
open  TCP  connections  sustained  across 
the  MG  10,  and  examined  how  the  unit 
responds  during  an  invoked  failure. 

Throughput  tests  show  that  the  MG  10 
delivers  10.25  Gbps  of  throughput  while 
its  deep  packet  inspection  detected  and 
prevented  the  complete  library  of 
attacks  generated  by  a  Mu  Security 
Mu-4000  Security  Analyzer.  The  Reflex 
MG  10  also  delivered  uninterrupted 
performance  and  zero  transaction  loss 
during  simulated  failures  of  Reflex  MG 


chassis  security  blades.  In  fact,  engi¬ 
neers,  simulated  a  failure  by  pulling  a 
system  blade  for  60  seconds.  This  rep¬ 
resented  a  serious  hardware  failure  on 
the  device.  However,  the  MG  10  contin¬ 
ued  to  deliver  6.3  Gbps  of  throughput 
even  with  the  loss  of  a  single  blade. 
Engineers  noted  that  the  reinsertion  of 
the  MG  10  blade  did  not  result  in  the 
loss  of  any  transactions. 

Engineers  measured  the  ability  of  the 
MG10  to  perform  a  SYN-SYN  ACK 
process  to  open  a  connection  with 
another  device  and  then  maintain  that 
open  TCP  connection.  Tests  of  TCP  con¬ 
nections  shows  that  the  security 
switch  can  sustain  5.8  million  open  TCP 
connections  over  the  device  backplane. 


View  the  full  white  paper  at: 

http://www.tolly.com/DocDetail.aspx?DocNumber=207219 


Sponsor:  Reflex  Technology,  Inc. 


Product  class:  Network  security  switch 
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Accurately  identifies  all  traffic  types  tested 
from  a  stream  of  1.6  Gbps  of  aggregate 
throughput  across  the  device  backplane 


Maintains  at  least  1.6  Gbps  of  throughput 
and  100%  detection  accuracy  even  as  the 
number  of  rules  scales  from  0  to  20,000 


Generates  less  than  1  millisecond  of  one  way 
average  latency  while  performing  Layer  7 
Deep  Flow  Inspection  (DFI)  at  the  of  1.6  Gbps 
with  20,000  rules  enabled 


Deploys  in  just  four  basic  steps  into  an 
existing  network 


Tests  reveal  speed,  accuracy 
and  scalability  of  PfOCGrd 

Networks  PacketLogic 

7600  for  broadband  ISPs 


Broadband  Internet  service  providers  (ISPs)  intent 
on  improving  Quality  of  Service  (QoS)  and  managing 
applications  that  hog  bandwidth  could  benefit  from 
the  findings  of  a  Tolly  Group  test  on  the  Procera 
Networks  PacketLogic  7600  traffic  and  service 
management  system. 

Tolly  Group  tests  confirm  that  the  Procera 
PacketLogic  7600  offers  high  accuracy  in  traffic 
identification,  extremely  low  latency,  ease  of  instal¬ 
lation  and  the  ability  to  scale  to  accommodate 
changing  network  traffic  loads. 

The  PL7600  typically  is  deployed  by  broadband 
service  providers  to  manage  and  control  network 
and  service  usage  and  traffic,  to  provide  tiered 
service  levels  and  assure  agreed-upon  throughputs 
(SLAs),  and  to  conform  to  the  technical  assistance 
requirements  of  lawful  intercept  regulations  such  as 
CAIEA  (Communications  Assistance  for  Law 
Enforcement  Act)  in  the  U.S. 


fying  all  50  traffic  types  tested,  even  as  traffic 
scaled  from  0.2  to  1.6  Gbps.  Further,  the 
PacketLogic  7600  generated  less  than  1  millisecond 
average  latency  across  all  throughput  rates,  with  up 
to  20,000  traffic  management  rules  enabled  — 
proving  the  system's  high  performance  and  ability 
to  easily  scale  without  introducing  undue  latency 
and  network  delays.  And  finally.  Tolly  Group  engi¬ 
neers  affirmed  the  system's  ease  of  use  and  instal¬ 
lation  by  documenting  the  steps  needed  for  initial 
deployment  in  an  existing  network. 

On  the  scalability  front,  engineers  verified 
that  the  PacketLogic  7600  does  not  degrade 
the  throughput  and  latency  performance  up 
to  20,000  rules  tested  by  sustaining  1.6 
Gbps  throughput  and  less  than  1  ms  of  average 


latency.  Maximum  latency  measurements  did  not 
exceed  3  ms. 

From  an  ease-of-use  perspective,  Tolly  Group 
engineers  verified  that  just  four  basic  steps  are 
needed  to  deploy  a  PacketLogic  7600  appliance 
into  an  existing  network.  Since  the  PacketLogic 
7600  runs  transparent  in  the  network  at  Layer  2, 
it  starts  gathering  Layer  7  traffic  information  by 
being  inserted  into  the  existing  network  inline  or 
as  a  tap.  By  default,  the  7600  is  equipped  with 
300+  signatures  to  identify  common  services 
used  by  applications.  However,  like  typical  users. 
Tolly  Group  engineers  changed  IP  information, 
enabled  the  statistics,  created  new  objects  and 
associated  the  objects  with  rules/policies. 


View  the  full  report  at: 

http://www.tolly.com/DocDetail.aspx?DocNumber=207173 

Traffic  Identification  Accuracy  at  Various  Throughput  Rates 

(Simulation  of  50  Well-Known  Applications) 


The  Procera  PacketLogic  7600's  traffic  identifica¬ 
tion  capabilities,  which  allow  service  providers  and 
others  to  manage  applications  such  as  BitTorrent 
and  file  sharing,  achieved  100%  accuracy  in  identi- 


Sponsor:  Procera  Networks,  Inc. 


Document  number:  207173 
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Testing  window:  April  2007 


For  more  info  on  this  test,  visit 


•  http://www.proceranetworks.com 
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Throughput  (Gbps) 

Note:  Engineers  used  Shenick's  "TCP  Replay"  feature  to  replay  PCAP  files  which  contained 
the  behaviors  of  50  well-known  applications  and  generated  up  to  1.6  Gbps  of  stateful 
throughput.  While  the  PacketLogic  7600  is  rated  at  up  to  2  Gbps  of  bidirectional  throughput, 
the  test  tool  used  only  generated  up  to  1.6  Gbps. 


Nortel  proves  price/performance  lead  over 
Cisco  and  HP  in  Ethernet  switch  tests 


In  two  separate  tests  conducted  for  Nortel, 
the  company’s  Ethernet  Routing  Switches 
exceeded  the  price  perfomance  of  compa¬ 
rable  switches  from  Cisco  Systems  and 
ProCurve  Networking  by  HP. 

A  May  2007  test  of  Nortel's  ERS  2526T 
and  ERS  2550T  shows  that  the  Nortel 
switches  delivered  superior  performance  of 


up  to  9.52  and  11.6  million  frames  per  sec¬ 
ond  for  64-byte  frames,  surpassing  the 
Cisco  Catalyst  2960-24T  and  48T  and 
ProCurve  Networking  2626  and  2650.  The 
Nortel  switches  also  offered  a  lower  cost- 
per-Gbps  of  throughput  —  $109/$  153  for 
24/48  ports,  versus  ProCurve  at 
$143/$  1 59  and  Cisco  at  $567/$661. 


A  September  2007  Tolly  Group  report  found 
that  Nortel's  ERS  4548GT-PWR  achieved  48 
Gbps  of  throughput  vs  26  to  30  Gbps  for 
Cisco  Catalyst  3560-48PS  and  3750-48PS 
switches  tested.  Again,  Nortel  offered  the 
lowest  cost-per-Gbps  of  throughput  at  $70, 
vs.  $250  for  the  Catalyst  3750G-48PS  and 
$153  for  the  Catalyst  3560-48PS. 


Layer  2  Bidirectional  Frame  Forwarding  Rate  of  Nortel  ERS, 

Cisco  Catalyst  and  HP  ProCurve  using  64-Byte  Frames 

as  Reported  by  Spirent  SmartFiow  5.5 
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Nortel  Cisco  ProCurve  Switch 

2526T  2960  24TC  2626 

Note:  1.)  All  switches  tested  with  maximum  available  GbE  uplink  ports  2. 
and  bidirectional  traffic  was  generated  in  a  full-mesh  configuration  where 

Cost-per-Gbps  of  Throughput  in  a 
Standalone  Switch  Configuration 


Nortel  Cisco  ProCurve  Switch 

2550T  2960-48TC  2650 

)  The  frame  forwarding  rate  was  measured  in  Layer  2  switching  mode- 
ports  of  the  same  type  were  grouped  together. 

View  the  full  ERS  2526/2550T  report  at: 
http://www.tolly.com/DocDetail.aspx?Docl\lumber=207178 
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View  the  full  4548GT-PWR  report  at: 

http: //www.  tolly.  com/DocDetail.  aspx  ?DocNumber= 207237 


Nortel  ERS  Cisco  Catalyst  Cisco  Catalyst 
4548GT-PWR  375048PS  3560-48PS 


There  is  a  myth  that  proprietary  hard¬ 
ware  products  are  always  better  choices 
over  standard  x86-based  systems  for 
enterprises  and  small-  to  medium-sized 
business  (SMB)  networking  needs.  As 
the  networks  become  more  complex  and 
diverse,  network  managers  have  to  pay 
more  attention  to  upfront  investments, 
ongoing  maintenance  costs  and  costs  to 
scale  for  future  growth.  For  the  majority 
of  SMB  and  enterprise  branch  office 
managers,  open  software  on  standard 
hardware  is  the  answer  to  performance 
and  cost-effective  growth  needs. 

Tolly  Group  tests  show  that  a  Vyatta  open- 
source,  software-based  routing  and  securi¬ 
ty  solution  on  an  x86  processor-based  sys¬ 
tem  (Dell  PowerEdge  860)  delivered  twice 
the  performance  for  half  the  price  of  a 
Cisco  router  tested  during  a  Gigabit 
Ethernet-to-Gigabit  Ethernet  (GbE)  sce¬ 
nario  with  all  packet  sizes  tested. 

The  Vyatta  software  achieved  Layer  3  wire- 
speed  throughput  (2  Gbps  of  aggregate 
throughput)  for  1,024  bytes  or  higher,  while  a 
Cisco  2821  Integrated  Services  Router  never 
achieved  wire-speed  performance  in  any  tests. 
For  the  64-byte  bidirectional  throughput  test, 
Vyatta  offered  double  the  throughput  of  the 
Cisco  device  — 282  Mbps  while  the  Cisco 
2821  attained  138  Mbps. 


Vyatta  open-source  router 

doubles  performance  over 

Cisco  282 1  in  head-to-head  test 

Bidirectional  Zero-loss  (<  0.001%)  Routing  Throughput 

fas  Reported  by  Spirent  SmartFlow  5.5) 
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Engineers  also  proved  that  the  Vyatta 
software  router  delivered  lower  frame 
loss  than  the  Cisco  2821  for  all  packet 
sizes  and  achieved  zero  frame  loss  with 
1,024-byte  packets  and  higher. 

Tolly  Group  engineers  also  computed  a 
cost-per-Mbps  of  throughput  value  to 
assess  the  the  price/routing  throughput 
performance.  With  a  retail  price  of 
$1,797  for  bundled  hardware/soft¬ 
ware/support,  Vyatta  delivers  price/per¬ 
formance  from  a  low  of  90  cents  per 
Mbps  (1,024  byte  packets  or  higher)  to  a 
high  of  $6.37  (64-byte  packets).  The 


base  system  Cisco  2821,  with  a  retail 
price  of  $3,334.98,  has  a  cost-per-Mbps 
ranging  from  a  low  of  $1.69  (1,518-byte 
packets)  to  a  high  of  $24.17  (64-byte 
packets).  WAN  interfaces  were  not 
factored  into  pricing. 

When  users  want  to  add  an  additional 
Layer  3  Fast  Ethernet  routing  port,  Cisco 
users  pay  $1,009.99  (CDW.COM)  to  add 
one  Fast  Ethernet  Layer  3  port  (Cisco 
1-port  HWIC,  MFG#  HWIC-1FE).  Vyatta 
users,  by  contrast,  pay  only  $65  for  a  GbE 
port  since  they  can  leverage  the  structural 
cost  benefits  of  the  x86  system. 


Outperforms  the  Cisco  2821  router  consistently  in  Layer  3  Ethernet  bidirectional  zero- 
loss  throughput  achieving  up  to  twice  the  performance  at  half  the  price 


•  Operates  at  Layer  3  wire-speed  across  two  onboard  Gigabit  Ethernet  ports  when 
forwarding  1,024-byte  packets  or  higher 


Delivers  lower  packet  loss  than  the  Cisco  2821  for  ail  packet  sizes  and  achieves  zero  packet 
loss  with  1, 024-byte  packets  and  higher 


Leverages  standard  hardware  and  the  structural  cost  benefits  of  the  x86  ecosystem  to 
offer  a  flexible,  extensible  and  faster  solution  at  attractive  price  points 

View  the  full  report  at: 
http://www.tolly.com/DocDetail. aspx?DocNumber=2061 90 


NAC  test  reveals  Mirage  Endpoint 
Control 


real-world  applications 


Protects  customer  networks  from  infected,  out-of-policy,  and  unknown  endpoints 

Stops  behavioral  threats,  preventing  malware  from  propagating  throughout  a  network 

Detects  and  stops  unauthorized  applications  such  as  instant  messaging  and  peer-to-peer  file  sharing 

Stops  unknownfrogue  devices  such  as  gaining  consoles,  personal  routers  and  servers  until  they  are  registered 

Protects  wireless  networks  from  unauthorized  mobile  devices  such  as  iPhones  and  Windows  Mobile  devices 


Features/Functions  of  Mirage  Endpoint  Control 
Validated  by  The  Tolly  Group 

Compliance  and 

Requires  authentication  and  host  posture  check  for  Windows,  Linux  and 
Macintosh  devices,  restricting  access  when  devices  are  not  compliant 

* 

Monitoring 

Monitors  behavior  of  all  devices  on  the  network,  restricting  access 
when  policies  are  broken 

^  1 

Detects  P2P  packets  and  alerts  network  admins 

it 

P2P  File 
Sharing  Control 

Stops  flow  of  P2P  traffic 

Revokes  network  access  to  offending  applications  or  endpoints 

Instant 

Messaging 

Detects  IM  traffic  from  AOL,  Yahoo!,  MSN  Messenger  and  Trillian 

Stops  flow  of  IM  traffic 

Checks 

Blocks  network  access  of  offending  applicatoins  or  endpoints 

Rogue  Device 

Detects  unregistered  devices  such  as  personal  routers,  servers, 

Xbox  and  PlayStation 

Registration 

Allows  devices  to  register  for  network  access 

WLAN  Access 
Control 

Detects  and  blocks  Apple  iPhones  and  Windows  Mobile  devices  from 
accessing  wireless  LANs 

Additionally,  the  Mirage  appliance  detected  IM 
traffic  from  services  such  as  Yahoo  Instant 
Messenger,  AOL  Instant  Messenger,  MSN 
Messenger  and  Trillian  and  proceeded  to  stop  the 
flow  of  IM  traffic,  blocked  the  endpoint  client's 
network  access,  and  issued  an  SNMP  alert  and 
E-mail  notification  to  network  personnel. 

Tests  also  show  the  the  Endpoint  Control 
appliance  detected  rogue  routers,  servers, 
and  Microsoft  Xbox  and  Sony  PlayStation 
gaming  consoles.  Further,  it  blocked  network 
access  until  the  devices  were  registered. 

Finally,  engineers  also  validated  that  the 
Endpoint  Control  appliance  detected  an  iPhone 
and  a  Windows  Mobile  device  connecting  to 
the  wireless  network  and  blocked  network 
access  until  the  devices  were  authenticated. 


Mirage  Networks  Endpoint  Control  appliance 
provides  security  that  controls  or  revokes  net¬ 
work  access  to  devices  that  are  unknown, 
out-of-policy,  or  threat-infected,  according  to  a 
recent  Tolly  Group  hands-on  evaluation. 

Tests  show  that  the  Endpoint  Control  appli¬ 
ance  restricted  access  of  Windows  XP, 
Windows  Vista,  Linux  and  Macintosh  clients 
until  each  user  successfully  entered  authen¬ 
tication  credentials,  completed  a  system 
scan  to  validate  OS  patches,  anti-virus  and 
anti-spyware  versions  and  personal  firewall 
versions/status,  and,  lastly,  that  the  clients 
followed  predefined  behavioral  guidelines. 
When  endpoints  were  granted  access, 
Mirage  stopped  a  range  of  threats  from 


The  Tolly  Group  validated  that  Mirage's 
Endpoint  Control  appliance  effectively  deals 
with  applications  such  as  Peer-to-Peer  (P2P) 
and  Instant  Messaging  (IM),  and  can  also  iden¬ 
tify  and  isolate  rogue  devices  seeking  access 
to  the  network,  and  preclude  nuisance 
devices,  such  as  gaming  consoles  from  com¬ 
mandeering  network  resources  without 
authorization.  Engineers  also  validated  the 
ability  to  isolate  Apple  iPhones  from  joining 
wireless  networks  where  they  could  be  the 
root  cause  of  broadcast  storms. 

On  the  P2P  side,  the  appliance  also  blocked 
a  Windows  XP  client's  network  access 
when  it  attempted  to  use  P2P,  and  issued 
an  SNMP  alert  and  E-mail  notification  to 


The  upshot  is  that  while  many  NAC  devices 
offer  some  level  of  access  control.  Mirage 
Networks  has  proven  that  its  Endpoint  Control 
appliance  enables  tangible  customer  applica¬ 
tions  to  utilize  endpoint  access  control  that  is 
above  and  beyond  general  endpoint  security. 


Sponsor:  Mirage  Networks,  inc. 


Document  number:  207252 


roduct  class:  Network  access  control 


appliance 


Products  under  test: 

•  Mirage  Networks  Endpoint  Control, 


version  3.1 


For  more  info  on  this  test,  visit: 


propagating  throughout  the  network.  network  personnel. 


http:llwww.miragenetworks.com 


NETGEAR  Gigabit  Stackable  Smart  Switches 
demo  blazing  speed,  security,  QoS, 
resiliency  and  management 


NETGEAR  ProSafe  24-  and  48-Port  Gigabit  Stackable 
Smart  Switches  Feature  Validation 


Automatic  master  fail-over 

</ 

j  Resiliency 

Redundant  stacking  architecture 

✓ 

Hot-swappable  switches 

<✓ 

;  .  ■ 

Stack  manageable  via  single  IP  address 

V 

Management 

Web-based  management  interface 

V 

SNMP-based  management  software  support 

V 

802.1x  via  RADIUS 

U  security 

MAC-based  Access  Control  List  (ACL) 

<✓ 

■ 

Rate  limiting 

V 

QoS 

Layer  2  (802.1  p)  prioritization 

V 

Layer  3  (DSCP)  prioritization 

V 

Note:  Figure  shows  only  features  validated  by  The  Tolly  Group,  not  entire  spectrum  of  ProSafe 
GS748TS  and  GS724TS  Gigabit  Stackable  Smart  Switch  features. 


•  Delivers  wire-speed  performance  for 
all  frame  sizes  tested  in  a  full-mesh 
configuration  for  48-port  and  24  port 
switches 

®  Offers  comparable  security  and 
QoS  features  to  managed  switches 

•  Manages  the  stack  easily  with  a 
single  IP  address  and  intuitive 
Web-based  management 

©  Demonstrates  redundant  stacking 
architecture  via  a  pair  of  bidirection¬ 
al  stacking  ports  per  switch,  which 
provide  20  Gbps  aggregate  through¬ 
put  in  stacking  ring  topology 

•  Integrates  key  stackable  switch  fea 
tures  into  SMB  domain  in  a  cost- 
effective  way 


users  can  manage  the  NETGEAR  stack  via  a 
Web  browser  and  SNMP-based  manage¬ 
ment  software. 


Recent  Tolly  Group  tests  show  that  the 
NETGEAR  ProSafe  GS748TS  and  GS724TS 
stackable  smart  switches  support  advanced 
network  features  that  are  important  to 
SMB  and  branch  office  users  while  also  deliv¬ 
ering  robust  performance  and  functionality. 

In  a  feature  evaluation,  engineers  ran  various 
tests  under  the  categories  of  resiliency,  man¬ 
agement,  security  and  QoS  to  validate  capa¬ 
bilities.  Engineers  proved  that  the  ProSafe 
GS748TS  and  GS724TS  support  advanced 
security  and  management  features  normally 
offered  in  more  expensive  products. 

In  a  Layer  2  Gigabit  Ethernet  switch  perform¬ 
ance  test,  the  NETGEAR  stackable  switches 


achieved  wire-speed  throughput  in  48-port 
and  24-port,  full-mesh  configurations  for  all 
frame  sizes  tested.  This  equates  to  48  Gbps 
and  24  Gbps  aggregate  throughput  for  the 
GS748TS  and  GS724TS,  respectively. 
What  this  means  is  that  the  ProSafe 
GS748TS  and  the  GS724TS  have  ample 
headroom  for  growth  and  embrace  high- 
bandwidth  applications. 

Tests  also  proved  that  each  high-speed  stack¬ 
ing  port  supports  5  Gbps  of  traffic  in  each 
direction.  Engineers  also  witnessed  sub-second 
fail-over  when  one  of  the  active  switches  in  the 
stack  was  failed.  Tests  also  validated  that  the 
NETGEAR  switches  support  rate  limiting  and 
Layer  2/3  prioritization. 


On  the  security  front,  Tolly  Group  engineers 
verified  that  the  ProSafe  GS748TS  and 
GS724TS  authenticate  users  via  802.1  x  and 
refer  to  a  RADIUS  server  to  verify  user  cre¬ 
dentials.  They  also  proved  that  the  switches 
enable  administrators  to  allow  or  deny 
access  based  on  MAC  addresses. 


Document  number:  207206 


Products  under  test: 

•  NETGEAR  ProSafe  GS724TS  and 
GS748TS  GbE  stackable  smart  switches 
running  firmware  version  1.0. 1.4 

For  more  info  on  this  test,  visit: 

•  http://www.netgear.com 


From  a  management  angle,  engineers 
verified  that  the  stack  can  be  managed  via 


a  single  IP  address  and  also  verified  that 


Analyzing  Deferred  Procedure  Calls 

F 


GEARHEAD 

Mark  Gibbs 


*  aithful  readers  will  know  I’m  still  on  the 
hunt  for  what  is  causing  Deferred  Proce¬ 
dure  Calls  to  drive  wild  swings  in  processor 
utilization  on  my  Windows  XP  machine.  I  re¬ 
booted  the  box  but  the  DPC  utilization  of 
around  40%  returned  for  most  of  Tuesday  and 
lasted  through  to  Wednesday  when  it  magically 
settled  back  down  to  around  2%. 

Before  1  elaborate  on  that  let  me  note  I  am 
lucky  my  computers  are  running  at  all.  I  live  in  Southern  California  and 
on  Saturday  the  Santa  Ana  from  hell  blew  in  (actu¬ 
ally,  it  was  really  more  like  an  explosion).  I  spent 
much  of  the  day  picking  up  things  that  blew  over 
and  battening  down  the  hatches  on  the  Good  Ship 
Gibbs  in  50  mph  gusts  and  90  degree  heat. 

Sunday  was  when  things  went  from  bad  to 
worse.  My  wife’s  PC  wouldn’t  start  and  it  was  then  we  noticed  the 
house  lights  were  rather  dim.  A  quick  test  showed  we  had  a  whop¬ 
ping  60  volts!  The  chance  of  damaging  equipment  under  such  con¬ 
ditions  is  high. 

We’ve  had  occasional,  short-lived  brownouts  in  high  winds  in  the 
past,  but  this  one  lasted  18  hours.The  next  day  we  had  a  complete  out¬ 
age  until  midday,  but  to  my  surprise  and  relief,  all  was  well  with  the 
electronics. 

That  was  when  I  restarted  my  PC  and  found  the  high  DPC  utilization 
was  back.  Last  week  (www.nwdocfinder.com/2228)  I  mentioned  that 
Microsoft’s  Mark  Russinovich  suggested  I  try  the  Kernrate  (www.nwdoc 
finder.com/2229)  sample  profiling  tool,  which  tracks  how  CPU  time  is 


I’m  lucky  my  computers 
are  running  at  all. 


spent  for  both  kernel  and  user  mode  processes. 

At  about  the  same  time  reader  Sean  Fischer  wrote:“We  had  a  similar 
problem  with  wireless  laptops  at  a  major  hospital  where  I  was  imple¬ 
menting  a  new  Cisco  WLAN  (approximately  300  access  points).  A 
small  number  of  Windows  XP  clients  would  become  extremely  slug¬ 
gish  at  times. Task  manager  would  show  100%  CPU  utilization,  but  the 
individual  tasks  did  not  add  up  to  100%.  We  used  Process  Explorer  to 
trace  it  to  DPCs.” 

Fischer  says  they  diagnosed  the  problem  using  another  Microsoft  tool, 
RATTV3  (www.nwdocfinder.com/2230).This  utility  is  less  complex  and 
looked  easier  to  use  than  Kernrate  so  I  decided  to 
try  it  first. 

RATTV3  consists  of  two  programs:  RATT,  which 
does  the  performance  sampling  using  Event  Trac¬ 
ing  for  Windows,  and  CSWA,  which  analyzes  the 
collected  data. 

RATT  runs  as  a  system  tray  application  and  samples  kernel  activity  for 
three  minutes  then  calls  CSWA  to  process  the  data. The  data  is  a  record 
of  the  time  spent  in  Interrupt  Service  Routines,  DPCs  and  DPC  Timers  (a 
mechanism  for  timing  out  execution  of  procedures  for  things  such  as 
preventing  performance  problems). 

The  output  of  CSWA  is  a  little  tricky  to  interpret  as  it  divides  timing  into 
“buckets” —  for  example,  from  4.00us  to  4.99us,  so  an  event  that  takes 
4.54us  would  add  one  point.  Of  course,  when  you  look  at  the  results  you 
really  have  to  multiply  the  number  of  events  in  each  bucket  by  the  medi¬ 
an  duration  of  the  bucket  to  get  the  real  execution  time. 

Next  week:  What  did  I  find?  Send  your  output  to  gearhead@gibbs.com. 


Digital  photo  frames  go  wireless 


COOL 


The  scoop:  Momento  100  digital  picture 
frame,  by  i-Mate,  about  $300. 

What  it  is:  The  Momento  100  is  a  10-inch  digi¬ 
tal  photo  frame  that  adds  wireless  LAN  (WLAN) 
connectivity  as  a  way  for  users  to  get  their  pho¬ 
tos  from  a  shared  PC  or  the  Internet  onto  the 
frame. The  frame  also  includes  more  traditional 
means  of  getting  photos  onto  the  device,  includ¬ 
ing  a  memory  card  slot  (supporting  SD,  Multi- 
Media  Card,  xD  Picture  Card,  SmartMedia  and  Memory  Stick  formats) 
and  USB  port  (for  USB  flash  drives).The  com¬ 
pany  also  makes  a  7-inch  display  version  for 
about  $200. 

Why  it’s  cool:  The  addition  of  a  wireless 
connection  means  users  can  place  the 
photo  frame  in  areas  covered  by  their 
WLAN,  as  opposed  to  near  an  Ethernet  port. 

The  Internet  connection  also  lets  users  get 
updated  photos  to  the  frame  easier  than  re¬ 
moving  a  media  card,  going  back  to  the  PC 
to  add  them,  and  then  back  to  the  photo 
frame.  With  wireless  on  the  device,  a  frame 
owner  living  in  one  part  of  the  country 
(Grandma  and  Grandpa,  as  long  as  they 
have  a  WLAN)  can  receive  updated  photos 
from  friends  and  family  living  in  other  states. 

This  eliminates  sending  out  e-mails  and 
dealing  with  PC  issues. 

The  Momento  100  can  access  media  RSS 
streams,  such  as  those  offered  by  Flickr  and 

other  photo-sharing  sites.  But  i-Mate  has  its  own  photo-sharing  service, 
Momento  Live,  which  lets  users  upload  their  photos  to  a  Web  site,  which 
then  get  sent  directly  to  the  photo  frame.  Once  you  register  your  frame 
with  the  Momento  Live  and  set  up  your  user  name, you  can  send  photos 


The  pictures  in  the  Momento  100  can  be 
swapped  out  wirelessly. 


to  the  frame  from  that  e-mail  address. You  can  also  invite  friends  and 
family  to  send  photos  to  the  frame,  but  they  have  to  sign  up  for  a  free 
account.This  requirement  prevents  unknown  people  from  sending  pho¬ 
tos  to  the  photo  frame  (photos  are  sent  via  e-mail  to  a  custom  address). 

Some  caveats:  Trying  to  use  the  feature  where  the  digital  frame  can 
view  photos  on  a  shared  PC  (a  Windows  PC  sitting  on  a  home  LAN)  was 
a  nightmare.  First,  this  feature  requires  Windows  Vista  or  Windows  XP 
with  Windows  Media  Player  1 1  installed.This  required  a  few  reboots  and 
updates,  including  one  update  where  I  needed  to  go  to  Microsoft’s  Win¬ 
dows  Update  page  and  find  a  specific  “Update  Rollup”  patch.  The  on¬ 
screen  setup  of  the  frame  is  handled  through 
an  overly  sensitive  remote  control,  which 
uses  membrane-like  buttons  that  tended  to 
overcompensate.  Using  the  remote  to  type  in 
a  long  WPA  key  on  an  on-screen  keyboard 
produced  several  errors  and  restarts,  and  just 
using  the  remote  control  to  navigate  through 
screens  led  to  many  “around  the  horn  drive 
bys”  (that’s  where  you  push  the  arrow  key  too 
many  times  and  the  highlighted  area  goes 
past  the  option  you  wanted). 

Bottom  line:  If  i-Mate  can  make  a  better  re 
mote  control  and  work  on  better  sharing 
capabilities  with  Windows  PC  (or  even  add 
Macintosh  support),  they’ll  have  a  winner. 
Adding  wireless  connectivity  to  a  digital 
photo  frame  is  a  great  idea  to  keep  the  phe 
tos  on  the  frame  updated  and  fresh.  And 
that’s  all  that  grandma  wants  anyway 
Grade:  3.5  stars  (out  of  five). 


Shaw  can  be  reached  at  kshaw@nww.com.  New  Coo l  Tools  video 
show  every  Thursday,  and  Twisted  Pair  podcast  every  Friday  at  www.net 
workworld.com. 
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_DAY  56:  Our  voice  and  data  networks  are  out  of  control. 
Nothing’s  unified.  Nothing’s  integrated.  We  have  to  use 
different  devices  for  different  things.  Gil’s  had  enough. 

_He’s  welding  every  device  in  the  office  together  with 
a  blowtorch.  He  calls  it  “The  Unifier.” 

_DAY  57:  I  found  a  better  way:  Unified  Communications  and 
Collaboration  solutions  from  IBM.  Now  we  can  integrate 
our  networks  to  give  us  real-time  access  on  virtually  any 
device.  With  the  IBM  Lotus®  Sametime®  7.5  platform  we  get 
way  more  than  IM.  It  combines  IP  Telephony,  Web  conferencing 
and  more  into  a  single  interface.  We’re  working  fast  and 
for  less. 

_Does  this  mean  our  office  is  no  longer  a  hard-hat  zone? 


IBM.COM/TAKEBACKCONTROL/UNIFY 


T.  Rowe  goes  2.0 

Web  2.0  technology  helps  the  finan¬ 
cial  firm’s  call-center  agents  get  better 
information  to  clients  faster,  proving 
its  mettle  for  more  widespread  use 


BY  PAUL  DESMOND 

s  vice  president  of  T.  Rowe  Price 
Associates,  Kirk  Kness  is  responsible  for 
identifying  innovative  uses  of  technology 
for  the  Baltimore-based  investment  compa¬ 
ny.  In  past  positions  with  T  Rowe  he  was  involved 
in  multimillion-dollar  infrastructure  projects,  but 
these  days  he’s  busy  implementing  relatively  low- 
cost,  Web  2. 0-based  collaboration  tools,  including 
wikis  and  blogs.  The  company's  goal  in  using  Web  2.0  is  to  gather 
information  more  effectively  companywide,  and  make  it  easy  to  find, 
share  and  use  —  perhaps  in  ways  the  company  has  yet  to  envision. 


COME 

TOGETHER 


Fostering  collaboration  takes 
an  effective  mix  of  technology 
planning  and  process,  as 
you'll  learn  from  these  three 
experts: 

•  Kirk  Kness  explains  how 
T.  Rowe  Price  is  harness¬ 
ing  the  power  ofWeb  2.0 
technology  to  empower 
employees  and  make 
customers  happier.  This 

page.  - 

•  Laurie 
Heltsley  tells 
how  she  gets 
Procter  & 
Gamble  employees  excit¬ 
ed  about  collaboration  - 
and  how  it  streamlines 
work  by  millions  of  hours. 
Page  38.  - 

•  Tip  Slater  says  it's  the 
process  that  makes  col¬ 
laboration  a  success  at 
Boeing.  Page  42. 


What  specific  Web  2.0  applications  do  you 
have  in  place? 

We  have  the  Confluence  wiki  platform  [from 
Atlassian  Software]  in  our  call  center,  [Jive 
Software’s]  Jive  Forums  [discussion  forum] 
platform  in  place,  and  pockets  of  instant  mes¬ 
saging  rolled  out.  We’re  also  starting  to  look  at 
persistent  instant  messaging,  as  supported  by 
a  product  called  MindAlign  that  Microsoft 
just  bought. 

But  it’s  not  really  about  the  tools;  it’s  more 
about  what  you  get  from  the  tools.The  real 
value  that  we’re  trying  to  get  —  and  what  I’m 
trying  to  drive  toward  —  is  what  Web  2.0  is 
supposed  to  bring  to  an  enterprise. Web  2.0  is 
all  about  harnessing  collective  intelligence, 
discoverability  low-barrier  tools,  emergent 
structures,  collaboration,  unintended  use  and 
community  They  are  the  factors  that  we’re  real¬ 
ly  starting  to  try  to  figure  out.  How  can  we 
drive  to  those  using  these  different  tools?  What 
can  they  bring  us? 

Let's  start  by  explaining  that  first  one, 
harnessing  collective  intelligence. 

That’s  the  ability  to  actually  gather  knowl¬ 
edge.  So,  in  the  context  of  collaboration,  how 
can  we  create  tools,  how  can  we  put  in  place 
models  that  allow  people  to  collaborate  who 
maybe  naturally  wouldn’t  collaborate?  I  don’t 
believe  that  if  you  put  a  tool  out  there,  and 
you  say ‘Everybody  collaborate  now  because 
it’s  for  the  better  of  the  company’  that  it’s  actu¬ 
ally  going  to  happen.You  collaborate  around 
a  community  that  forms  naturally  And  that’s 
the  thinking  that  we’re  trying  to  bring  to  the 
enterprise.  How  can  we  better  enable  what  I 
call  ‘smart  information’ or  making  content 


smarter  so  that  we  can  make  our  employees 
smarter?  By  making  our  employees  smarter, 
we  then  ultimately  make  our  clients  more 
informed. 

OK,  how  about  the  other  tenets? 

Discoverability  is  basically  the  ability  to  get 
the  content  into  forms  or  formats  so  it  can  be 
discovered. That’s  the  linkable  model  that’s 
used  on  the  Web,  so  everything  is  discover¬ 
able.  If  information  is  locked  in  an  e-mail 
somewhere,  it’s  not  discoverable.  If  it’s  not  dis¬ 
coverable,  then  it  cannot  create  community. 
Low-barrier  tools  are  really  important.  We 
cannot  create  friction  for  our  associates. 
With  traditional  Web  content  tools,  it  tends 
to  be  difficult  to  enter  content.  Wikis  are 
public-authorship-type  tools.  It’s  ‘what  you 
see  is  what  you  get.’You  may  even  have  the 
ability  to  author  content  in  Word,  and  then 
push  a  button  and  publish  it  out. That’s  why 
blogs  exploded  —  because  [publishing] 
became  easy.  If  you  think  about  Web  1.0,  it 
was  about  creating  Web  pages  and  knowing 
HTML.  How  many  people  do  you  know  who 
have  a  blog  also  know  HTML?  Emergent 
structure  is  what  emerges  from  the  collision 
of  this  information. That’s  where  tagging  and 
folksonomies  and  discoverability  come  in.  1 
can  tag  a  piece  of  content  and  not  know 
that  Brian  down  the  hall  had  another  piece 
of  content  that  he  tagged  similarly,  and  all  of 
a  sudden  there’s  a  relationship  between 
those  two  pieces  of  content. 

What  do  you  mean  by  folksonomy? 

Thomas  VanderWal  coined  the  term  folksono¬ 
my  in  2005  to  mean  an  ordered  set  of  cate 
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Getting  Personal:  Kirk  Kness 


Title: 

Vice  president 

Company: 

T.  Rowe  Price  Associates 

Responsibilities: 

Innovation  and  strategy  for  IT,  working  with  the  business 
to  think  differently  about  new  products,  employing 
emerging  technologies  and  creating  a  more  effective 
process  for  innovation. 

IT  budget: 

About  $200  million 

Number  of  IT  staff: 

About  800 

Education: 

Bachelor  of  MIS,  Loyola  College,  Baltimore 

Previous  jobs: 

Was  a  database  administrator  at  Blue  Cross  Blue  Shield 
of  Maryland  and  CSX  Corp. 

First  PC: 

"My  first  PC  was  the  very  first  IBM  PC  that  ever  came 
out,  because  my  dad  worked  for  IBM.  We  had  one  in  1981. 
Whatever  that  thing  was  called,  we  had  one." 

First  Internet  experience: 

“Probably  eBay.  1  was  signed  up  for  that  right  when  it 
came  out.” 

Home  network: 

Three  PCs  and  two  laptops  on  a  wireless  network. 

Words  to  live  by: 

“Don’t  think  of  things  as  they  are,  think  of  them  as  they 
can  be.” 

gories  that  emerges  from  how  people  tag 
items.This  is  directly  out  of  a  book  called 
Everything  is  Miscellaneous. That’s  as  opposed 
to  a  taxonomy  which  is  when  information  is 
tagged  upfront  and  then  you  try  to  follow  that 
order.  Folksonomy  is  when  the  order  emerges 
by  the  way  it’s  tagged.  Aren’t  you  glad  I  have 
this  book  [Everything  Is  Miscellaneous:  The 
Power  of  the  New  Digital  Disorder,  by  David 
Weinberger,  2007]  in  front  of  me? 

Yes,  I  am. 

So,  that’s  emergent  structures. The  next  one  is 
collaboration,  which  is  an  outgrowth  of  how 
these  things  fit  together.  Unintended  use  was 
the  next  one,  which  gets  to  facilitating  the 
ability  for  unintended  use. You  may  have  a  sit¬ 
uation  where  information  that  was  created 
for  one  context  is  viable  in  a  second  context. 
A  good  example  is  when  Google  launched 
Google  Maps  and  then  somebody  built  an 
application  that  basically  did  a  mash-up 
between  Craigslist  and  Google  Maps.  It 
showed  on  a  Google  Map  exactly  where 
apartments  for  rent  in  Chicago  were  located. 
Google  didn’t  intend  for  Google  Maps  to  be 
used  that  way  but  it  spawned  a  whole  other 
way  of  looking  at  something. 

Community  is  basically  allowing  the  emer¬ 
gence  of  community  allowing  people  to  inno¬ 
vate  by  being  able  to  share  and  communi¬ 
cate  with  each  other. 

Gan  you  give  an  example  of  how  all  this 
plays  out  in  practice? 

Sure.  Say  1  had  a  call  that  came  into  our 
Colorado  call  center  and  the  topic  may  have 
been  about  a  particular  policy  say  a  new  IRS 
policy  around  the  Katrina  disaster,  and  how 
they’ve  eased  up  on  a  tax  deadline.The  rep 
doesn’t  know  anything  about  it,  so  he  gets  a 
hold  of  a  liaison  and  the  liaison  finds  the  rel¬ 
evant  information  and  sends  it  back  to  the 
rep,  who  informs  the  client  about  what  the 
ruling  is.  Now,  what  if  another  person  calls  in 
to  our  Tampa  call  center  with  the  exact  same 
question?  The  ability  to  know  that  that  infor¬ 
mation  exists  can  make  our  reps  more 
informed  and  more  intelligent,  which  makes 
our  clients  more  informed  and  more  intelli¬ 
gent.  Instead  of  saying, ‘I  have  to  get  back  to 
you  on  that’  the  rep  can  more  intelligently 
find  this  information. Web  2.0  is  really  about 
information  coming  to  you  and  to  your 
space,  where  Web  1 .0  was  you  go  out  and 
search  for  everything. 

The  call  center  is  where  you're  using  the 
Confluence  wiki  tool,  right? 

Right.  In  that  particular  case,  we’re  using 
forums  and  wikis  to  document  transactions. 
We’re  using  tagging  so  that  people  can  more 
easily  find  information,  and  we’ve  got  RSS 
feeds  attached  to  that  information  so  it  gets 
published  and  is  instantly  available  to  anyone 
who  has  subscribed  to  a  given  topic. 

I  would  imagine  you’ve  got  lots  of  different 
topics  to  deal  with.  How  do  you  make 
sense  of  them  all? 


That’s  a  really  valid  point. Where  we  started 
with  this  is  tax  and  IRA  information,  and 
we’re  starting  to  branch  out  from  there.  So, 
we’ve  organized  our  topics  at  the  highest  lev¬ 
els  around  things  like  contribution,  moving 
assets,  redemptions  and  taxes.  So,  instead  of 
[defining]  a  brokerage  contribution  and  a 
529  contribution  and  a  mutual-fund  contribu¬ 
tion  or  annuity  contribution,  it’s  organized 
around  contribution  itself.  Underneath  that, 
you  can  find  how  it  applies  to  brokerage  or 
529s  or  whatever. 

If  I’m  a  call  center  rep  and  I  get  a  call 
about  a  tax  question,  how  do  I  find  infor¬ 
mation  that  will  help  me? 

A  couple  of  different  ways.  We  built  this  col¬ 
laboration  platform  that  they  can  go  into  that 
has  a  base-level  navigation  based  on  the  top¬ 
ics  I  just  described  —  contribution,  redemp¬ 
tion  or  whatever.  We’ve  also  got  a  Google 
search  engine  in  place  where  they  can 
search  on  that  topic  across  more  information 
[beyond  what’s  in  the  collaboration  plat¬ 
form]  .We’ve  got  RSS  feeds  set  up  so  they  can 
look  at  the  recently  updated  information,  if 
they’re  just  browsing  for  information.  And 
we’ve  got  tagging  in  place. We  do  use  a  taxon¬ 
omy  where  they  can  tag  content  the  way  they 
see  it.  So,  ultimately,  it  starts  to  create  emer¬ 
gent  structures  around  the  organization  of 
content. 

What  effect  have  the  tools  had  in  your  call 
centers? 

We’re  now  able  to  much,  much  more  quickly 
get  content  available.  We’ve  been  able  to 
remove  blocks  around  content  flow  and 
around  content  authorship.  We’re  basically 
making  it  easier  to  fix  content,  as  opposed  to 


hard  to  enter  content. 

What  would  you  say  has  surprised  you  the 
most  about  your  deployment  so  far? 

Two  things.  One,  the  adoption  rate  surprised 
me.  It’s  actually  catching  on  like  wildfire.  And 
I  don’t  know  why  that  would  have  surprised 
me,  but  it  did  to  a  degree.The  second  thing  is 
the  fact  that  the  reps  have  the  ability  to  com¬ 
ment  and  tag  content,  yet  they  don’t  do  it, 
because  they  don’t  think  they  can.  We  have  to 
tell  people, ‘Hey  you’re  allowed  to  comment, 
and  you’re  allowed  to  tag  that  content.’ And 
that’s  a  cultural  thing.  But  we’re  playing 
through  that. 

Any  big  disappointments? 

Probably  not  at  this  point.  I  will  tell  you  we 
definitely  have  some  churning  going  on.  And 
here’s  an  example.  I  met  with  one  of  the  head 
guys  yesterday  and  he  made  this  analogy 
which  I  thought  was  really  good.  He  says, 

‘Kirk,  this  is  what  I  see.  It’s  kind  of  like  you’re 
in  a  motorboat,  flying  across  this  perfectly 
pristine  lake,  going  a  million  miles  an  hour.  It’s 
smooth  sailing  for  you,  but  I’m  in  the  back  of 
the  boat,  looking  behind,  watching  you  churn 
the  water. You’re  digging  up  stuff  all  over  the 
place. You’ve  got  to  turn  around  every  now 
and  then  and  look  because  I’m  the  one 
catching  this  stuff.’  His  point  was  that  you 
have  to  recognize  these  tools  can  present  big 
changes,  and  they  do  make  waves. You  just 
have  to  be  cognizant  of  that  and  look  back 
once  in  a  while. 

Desmond  is  events  editor  for  Network  World 
and  president  of  PDEdit,  an  IT  publishing  com¬ 
pany  in  Southborough,  Mass.  Reach  him  at 
paul@pdedit.  com. 
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Information  Management 


_DAY  69:  All  we  need  is  one  specific  piece  of  info.  Gil 
almost  had  it,  but  his  hand  cramped.  How  are  we  supposed 
to  find  trusted  business  info  when  these  massive  volumes 
of  disparate,  conflicting  information  keep  pouring  in? 

_Gil  just  grabbed  a  stuffed  panda. 

_DAY  71:  The  answer:  IBM  solutions  for  leveraging  information. 
Now  we  can  cleanse  info  and  standardize  source  data  fields 
for  consistency  and  accuracy.  I  can  create  a  single, 
comprehensive  and  accurate  record  of  info  across  our  source 
systems.  Finally,  I  can  provide  a  unified,  trusted  view  of 
our  information  so  everyone  can  make  better  decisions. 

_0ur  view  of  our  data  is  now  scalable.  Just  in  time  —  I  think 
we  ran  out  of  quarters. 


Download  the  Innovation  and  Competitive  Advantage  white  paper: 

IBM.COM/TAKEBACKCONTROL/ACCURATE 


Presence  comes  to  P&G 

Presence-based  collaboration  tools  help  employees  shake  the  e-mail  habit, 
make  decisions  faster  and  save  millions  of  hours  of  time 


BY  PAUL  DESMOND 

When  Procter  &  Gamble  CEO  A.  G.  Lafley  set  out  to  create 
the  worlds  most  collaborative  company,  the  challenge  fell 
heavily  on  Laurie  Heltsley.  The  director  for  special  projects 
at  the  P&G  Global  Business  Services  unit  responded  in 
force,  helping  to  usher  in  a  desktop  upgrade  that  put  collaboration 
tools  front  and  center  on  about  80,000  machines.  The  tools  give 
employees  an  extra  15  to  20  minutes  a  day  by  making  it  easier  for 
them  to  reach  one  another  and  get  the  information  they  need  to  make 
decisions. 


You  first  embarked  on  your  collaboration 
effort  in  2005.  What  were  you  trying  to 
achieve? 

The  idea  was  to  integrate  desktops  in  mean¬ 
ingful  ways  so  people  became  more  aware 
of  each  other.  Presence  was  an  important 
aspect  of  what  we  were  trying  to  infuse  into 
the  desktop:  making  individuals  more  pro¬ 
ductive  and  in  the  process,  making  the  com¬ 
munity  more  generally  aware  of  your  pres¬ 
ence  —  including  how  to  contact  you,  how 


to  quickly  find  information  about  you,  [such 
as]  where  you  are,  your  business  unit,  your 
phone  number.  And  you’re  always  two  or 
three  clicks  away  from  a  call  or  a  chat  rather 
than  people  having  to  look  you  up  in  a 
directory. 

You're  using  Microsoft  Live 
Communication  Server  and  Office 
Communicator  2005  client,  which  includes 
instant  messaging.  What  other  collabora¬ 


tion-related  features  are  you  using  from 
that  suite? 

We  were  certainly  after  the  robust  presence 
features.  And  presence  in  the  Microsoft  con¬ 
text  permeates  the  e-mail  client,  which  is 
Outlook,  and  Office  applications  like  Word 
and  Excel  and  PbwerPoint.  [P&G  is  using 
Office  2003  globally  and  is  making  Office  2007 
available.]  E-mail  is  a  huge  business  tool  at 
Procter  &  Gamble.  I  would  describe  us  as 
being  very  e-mail-centric  but  evolving  towards 
other  types  of  collaborative  and  more  real¬ 
time  tools.There  is  also  the  group  or  team 
software  encapsulated  in  ShareFbint  Server 
2007  from  Microsoft.  Again,  presence  perme¬ 
ates  those  services.Teams  of  individuals  can 
congregate,  share  documents,  share  discus¬ 
sion,  share  announcements,  share  calendars. 

Are  you  using  other  collaboration  tools? 

We  use  a  number  of  tools  around  the  fringes 
of  all  of  that.  It’s  not  like  we’re  a  completely 
Microsoft  enterprise. We  have  a  lot  of  innova¬ 
tion  in  progress  with  companies  like  Google 
and  are  testing  Google  Search. We’ve  had 
conversations  with  Skype  and  are  experi¬ 
menting  with  that  for  online  phone  services. 
And  we  maintain  relationships  with  other 
companies  that  are  also  trying  to  evolve  in 
the  same  space,  like  SAPSeibel  and  others. 
Each  of  those  tools  and  software  suites  have 
their  own  collaborative  element.  We  use  SAP 
widely  across  the  company  For  the  general 
user  population,  we’ve  centered  ourselves 
around  the  desktop  and  the  core  desktop 
applications,  but  then  we  have  other  kinds  of 
software  that  may  be  more  functionally  spe¬ 
cific  or  business-unit  specific  that  also  have  a 
collaborative  element.  And  then  beyond  that 
we’re  big  into  audio-  and  videoconferencing. 
And  we’ve  been  experimenting  with  telepres¬ 
ence,  which  involves  elevating  that  video 
capability  into  a  more  real-time,  life-size,  envi¬ 
ronmental  kind  of  capability 

I  understand  your  philosophy  was  not  to 
force  collaboration  tools  on  your  employ¬ 
ees  but  create  demand  for  them.  Gan  you 
explain  how  you  do  that? 

About  two  years  ago  I  sort  of  banned  the  use 
of  the  word  ‘deploy’  and  said,  we’re  not  going 
to  deploy  anything  anymore.  We’re  going  to 
put  this  product  on  the  shelf,  and  we’re  going 
to  have  people  adopt  it  willingly.  And  the  rea¬ 
son  they  will  do  that  is  because  we’re  going 
to  make  the  story  and  the  business  case  so 
compelling  that  they  absolutely  can’t  refuse. 
For  all  of  the  products  we  now  have  in  the 
hands  of  employees  around  the  world,  in 
almost  100%  of  the  cases  they  went  and  got 
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Getting  Personal:  Laurie  Heltsiey 


Title: 

Director  for  special  projects,  P&G  Global  Business 
Services 

Company: 

The  Procter  &  Gamble  Co. 

Responsibilities: 

Manage  strategic  projects  for  the  Global  Business 
Services  unit. 

Education: 

Bachelor's  degree  of  Science,  Western  Kentucky  University, 
emphasis  in  computer  science  and  mathematics. 

Previous  jobs: 

Vice  president  of  MIS  at  Southwestern  Publishing; 
responsible  for  IT  infrastructure  at  Fruit  of  the  Loom. 

First  PC: 

“Timex  Sinclair  was  plugged  into  aTV  and  it  ran  Basic. 

1  got  it  because  it  was  little.  Even  then  1  was  looking  for 
the  smallest,  most  portable  computer  1  could  find." 

First  Internet  experience: 

“A  guy  came  into  my  office  and  told  me  he  was  writing 
this  app  for  the  Internet.  1  remember  telling  him  what  a 
fad  it  was  and  he  should  stop  wasting  his  time  and  get 
back  to  work  on  J.D.  Edwards  accounting  software." 

Home  network: 

Each  room  is  outfitted  with  an  Ethernet  jack,  and  a 
wireless  network  operates  throughout  the  house. 

Words  to  live  by: 

"Keep  everything  in  perspective  and  have  a  good  time." 

the  software  and  willingly  put  it  on  their  desk¬ 
tops  and  engaged.  What  you  get  is  a  popula¬ 
tion  that  isn’t  resisting  you  from  the  begin¬ 
ning.  And  the  whole  fear  factor  and  resist¬ 
ance  to  change  is  greatly  diminished  when 
you’re  making  a  choice  rather  than  being 
given  a  mandate. Today,  our  measurements 
tell  us  we’ve  saved  employees  about  1 1 1  mil¬ 
lion  minutes  worth  of  time  [as  of  late 
September  2007] .  [Ed  note: That  translates  to 
more  than  231,000  8-hour  days.] 

How  do  you  do  capture  that? 

We  take  some  typical  tasks  that  an  office 
worker  does  and  have  them  complete  the 
tasks  using  their  old  way  of  doing  things. 

Then  we  go  back  and  have  them  complete 
the  same  tasks  [using  the  collaboration  tools] 
and  measure  the  difference.  We’ll  do  that  for 
a  sample  size  that  is  statistically  relevant.  We 
also  do  a  lot  of  user  surveying  to  understand 
the  degree  of  satisfaction  with  our  services. 
Unlike  previous  deployments,  we  have  not 
seen  a  dip  in  user  satisfaction  associated  with 
the  change.  In  fact,  we’ve  seen  user  satisfac¬ 
tion  elevate  by  two  tenths  of  a  point  on  a  10- 
point  scale.That’s  unprecedented.  And  the 
final  thing  we  do  is  we  ask  them, ‘Do  you  feel 
that  these  tools  are  saving  you  time  and,  if  so, 
about  how  much?’  In  many  cases,  people  are 
saying  that  they’ve  been  saving  15,20  minutes 
a  day  as  a  result  of  doing  things  differently 
Our  users  are  reporting  that  themselves;  it’s 
not  something  that  we  manufactured  for  a 
PowerPoint  presentation. 

What  collaboration  applications  have  been 
more  successful  than  others? 

In  the  last  year  or  two,  our  use  of  audiocon¬ 
ferencing  and  video  in  general  as  a  collabo¬ 
ration  tool  has  accelerated  —  has  gone 
through  the  roof  in  many  cases.  Our  investiga¬ 
tion  into  telepresence  is  a  result  of  that.  I  firm¬ 
ly  believe  that  video  will  be  the  next  true 
enabler  for  the  enterprise,  and  we’ll  be  the 
second  ones  to  know  [because]  the  con¬ 
sumer  market  has  latched  on  to  video  in  a 
big  way  Much  of  what  we  still  do  today  textu- 
ally  or  verbally  you  can  capture  so  much 
more  efficiently  [with  video] .  For  example, 
training  video-on-demand  has  been  relevant 
for  a  while  now. There  are  so  many  more 
opportunities  where  a  message  needs  to  be 
delivered  or  a  demonstration  needs  to  occur. 
Video  could  play  a  role  there  in  providing  a 
much  more  efficient  delivery  mechanism 
than  traditional  means.  So,  we’re  looking  at 
that  really  hard,  and  that’s  in  addition  to  tradi¬ 
tional  videoconferencing,  which  has  its  pur¬ 
pose,  and  audioconferencing,  which  is  huge 
here.  Our  audioconferencing  minutes  have 
probably  tripled  in  the  last  five  years. 

Presence  technology  has  been  tremendous 
because  it  opens  the  window  to  connecting 
with  other  employees.  If  you  have  front  and 
center  on  your  desktop  some  of  these  power¬ 
ful  presence  applications  —  and  Microsoft 
Office  Communicator  is  one  of  those,  there 
are  others  —  from  there  you  can  do  things 


like  initiate  a  videoconference,  initiate  a 
phone  call,  initiate  an  audioconference,  initi¬ 
ate  even  an  application-sharing  session.  I  can 
initiate  a  file  transfer.  So,  there  are  lots  of 
things  that  I  can  drive  off  of  presence  just  by 
virtue  of  the  fact  that  I  know  you’re  sitting 
there  right  now,  and  you’re  available.  A  typical 
e-mail  conversation  might  be  a  serial,  lengthy 
event  if  I  have  to  bounce  a  conversation  back 
and  forth  over  the  course  of  a  day  or  two. 
Today,  I  attempt  that  because  it’s  a  habit.  But  I 
will  immediately  be  coached  by  the  collabo¬ 
ration  tools  to  instead  reshape  the  conversa¬ 
tion  into  an  immediate  one  via  phone  or 
chat.  If  I  type  Lisa’s  name  into  the  destination 
address  line,  my  e-mail  client  will  tell  me  that 
she’s  online  right  now  and  I  can  just  click  on 
her  and  talk  to  her  rather  than  send  an  e- 
mail.And  if  I  can’t  reach  Lisa,  all  right,  who 
can  I  reach?  Who  can  answer  this  quickly?  It 
helps  accelerate  the  pace  of  our  work.  1  can 
take  care  of  the  matter  at  hand  immediately 
rather  than  stretch  it  out  in  a  serial  e-mail 
fashion  over  a  day  or  two. 

We’ve  had  instant  messaging  since  1999  or 
2000.The  difference  is,  it  was  a  separate  entity 
on  your  desktop. You  had  to  go  there  inten¬ 
tionally  And  that’s  not  your  first  instinct  if 
you’re  habitually  pushing  business  through  e- 
mail.And  being  an  e-mail-centric  company,  it 
was  hard  to  move  people  out  of  there.  Having 
presence  tools  that  are  integrated  with  e-mail, 
as  is  the  case  with  [Live  Communication 
Server]  and  [Office  Communicator]  and 
Outlook,  gives  us  more  immediacy. 

What  about  application-sharing?  How 
much  of  that  is  going  on? 

Everybody  uses  NetMeeting  to  share  applica¬ 
tions  with  someone  else.  I  might  be  working 
on  a  spreadsheet  that  I  need  Lisa  to  review. 


We  could  edit  them  together  and  we’re  done. 
That  happened  in  12  minutes  versus  12  hours 
if  you  bounce  the  file  back  and  forth  as  an  e- 
mail  attachment.  The  presence  engines  we 
have  are  capable  of  driving  those  kinds  of 
application  sharing  sessions. You  can  start  a 
chat  and  an  application  share  right  out  of  the 
same  interface. 

Has  anything  disappointed  you  about  the 
collaboration  technology? 

I’m  someone  who  looks  down  the  road.  I’m 
looking  at  that  next  horizon  now. What  disap¬ 
points  me  a  bit  is  that  as  far  as  we’ve  come 
with  the  introduction  of  these  collaboration 
tools,  I  still  think  we  have  quite  a  ways  to  go 
both  technologically  and  culturally  to  really 
work  at  our  peak.  I  mentioned  video  earlier.  I 
believe  video  is  going  to  be  transformational 
in  this  company  in  terms  of  collaboration. 
Now,  looking  at  that  next  horizon,  I  know  how 
much  more  we  can  do  and  what  the  opportu¬ 
nities  are.  I  want  to  get  this  [initial  phase] 
behind  us  and  provide  the  leadership  neces¬ 
sary  to  get  to  that  next  horizon.  So,  it’s  not  so 
much  a  disappointment  —  just  maybe  a  bit  of 
fatigue,  knowing  that  we’ve  gotten  so  far  and 
done  so  well,  and  we’ve  still  got  so  far  to  go. 

Desmond  is  events  editor  for  Network  World 
and  president  of  PDEdit,  an  IT  publishing  com¬ 
pany  in  Southborough ,  Mass.  Reach  him  at 
paul@pdedit.  com. 
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_DAY  84:  Feeling  really  disconnected.  We’re  not  getting  the 
most  out  of  our  existing  assets.  Service  and  application 
integration  is  a  nightmare.  Our  connections  are 
restrictive.  We’ve  got  to  stop  working  on  these  islands. 

.Please  rescue  me  from  this  lack  of  connectivity. 

.DAY  87:  I’ve  taken  back  control  with  IBM  WebSphere  solutions. 
Now  we  can  service-enable  and  connect  our  existing 
assets  for  mission-critical  goals.  We  can  reuse  existing 
applications  and  save  money  by  eliminating  redundant 
systems.  Now  we’re  ready  for  any  SOA  integration  project. 

.Plus,  no  more  jellyfish  stings. 


Download  the  enterprise  service  bus  white  paper  at: 

IBM.COM/TAKEBACKCONTROL/CONNECT 


Building  virtual  worlds  at  Boeing 

Creating  simulated  wartime  environments  takes  close  collaboration,  but  it’s 
the  process  rather  than  the  tools  that  determines  success 


BY  PAUL  DESMOND 

Want  to  see  how  an  F-l  6  will  react  to  the  latest  antiaircraft 
weapons?  Tip  Slater  is  your  man. 

As  director  of  virtual  operations  for  The  Boeing 
Company's  Integrated  Defense  Systems  group,  Slater  is 
responsible  for  creating  virtual  environments  that  Boeing 
customers,  chiefly  the  U.S.  Department  of  Defense,  use  to  test  the  lat¬ 
est  wares  and  ideas.  His  team  of  engineers  must  collaborate  effec¬ 
tively  to  make  sure  the  events  live  up  to  customer  expectations  and 
go  off  without  a  hitch.  Boeing  uses  various  tools  to  collaborate 
among  its  far-flung  business  units,  but  Slater  says  it's  the  processes 
surrounding  the  tools  that  determine  whether  they  do  any  good. 


Let’s  start  with  an  explanation  of  what  your 
job  entails? 

I  belong  to  an  organization  called  Analysis 
Modeling  Simulation  Experimentation.  Our  job 
is  to  create  an  environment  in  which  we  can 
test  out  concepts  and  ideas  for  our  customers, 
the  majority  of  which  are  military  If  a  cus¬ 
tomer  wants  to  try  a  wartime  scenario,  he  can’t 
afford  to  fly  or  move  all  the  military  [equip¬ 
ment]  that  he  wants,  and  you  can’t  afford  to 
blow  it  up  either.  So  our  job  is  to  pull  together 
this  synthetic  environment  so  we  can  test  out 
a  concept  or  a  hypothesis.  For  example,  we 
have  an  F-16  flying  over  the  desert  in  southern 
California,  and  the  pilot  will  see  on  his  radar 
all  of  the  virtual  and  computer-generated  enti¬ 
ties  that  we  have  that  environment. 

And  LabNet  is  the  network  that  connects  the 
various  Boeing  labs  that  may  participate  in 
these  events? 

Yes. We  usually  operate  about  70  to  100  labs 
on  the  network  at  any  one  time.  We’ve  got  the 
capability  of  connecting  [all  700  Boeing  labs] , 
but  we’ve  never  done  it.The  network  is  very 
fast  and  very  capable.  1  can  only  handle  proba¬ 
bly  10  milliseconds  of  latency  before  the  pilot 
actually  sees  it  on  the  screen. 

What  is  the  role  of  Web  2.0  and  other  collab¬ 
orative  technologies  in  that  environment? 

When  we  run  an  event  it’s  like  a  production. 
Behind  the  scenes  we’ve  got  a  number  of  peo¬ 
ple  at  each  of  the  labs  who  are  managing  the 
network  and  the  visualization  that’s  going  on. 
And  the  tools  that  they  use  to  collaborate  are 
instant  messaging  and  some  unique  voice  sys¬ 
tems.  It’s  like  behind  the  scenes  of  Monday 
Night  Football. The  event  producer  is  connect¬ 
ed  to  all  the  labs  that  are  involved  in  the  event 
and  maintaining  the  control  of  the  operation. 


Those  are  the  collaboration  tools  to  make  sure 
that  the  system  operates. 

What  collaboration  technologies  do  you  use 
to  get  work  done  more  effectively? 

When  we  set  up  a  demonstration  or  an  experi¬ 
ment  we  have  to  bring  people  from  across  the 
enterprise  to  make  it  work.That’s  where  we  use 
collaborative  tools.  For  each  event  we  set  up 
an  event  site  using  Microsoft  ShareBoint. 

People  can  post  their  announcements  in  there 
and  drop  in  briefs  and  so  forth. We  use 
Microsoft  Project  on  SharePoint  as  a  commu¬ 
nication  platform.  Information,  charts,  notes, 


schedules  and  such  are  posted  there,  as 
opposed  to  using  e-mail. We  use  WebEx  rou¬ 
tinely  [for Web  conferencing]. 

We’re  just  starting  to  use  wikis  to  help  build 
events.  We’re  using  instant  messaging,  primarily 
when  the  software  folks  are  working  on  cod¬ 
ing.  We’re  looking  at  bringing  in  some  collabo¬ 
ration  tools  that  will  let  us  do  computer-to- 
computer  collaboration. We’re  evaluating  is 
called  the  TouchTable,  [which  is  a  computer¬ 
ized  table]  that  exists  in  two  locations  and 
both  operators  are  looking  at  the  same  screen. 
And  they  can  expand  the  screens,  contract  the 
screens;  there’s  a  lot  of  visualization  involved. 
They  can  be  looking  at  a  map  and  deciding 
what  to  use  as  a  target  area. 

What  about  digital  white  boarding? 

We  use  digital  white  boards  in  different  areas. 
One  is  facility  management,  where  we  have 
three  facilities  that  we  operate  at  the  same 
time  with  customers  in  all  three  of  our  [major 
event]  locations.They’ll  use  the  digital  white 
boards  to  describe  what  the  screen  layout  for 
all  the  three  locations  is  looking  like,  and  how 
we  are  going  to  handle  the  customers  in  each 
location.  And  the  network  operators  will  use 
the  digital  white  board  to  describe  things  like 
their  network  design  for  any  given  operation. 
We’re  moving  some  of  the  networks  overseas 
and  we  hook  into  other  organizations’  net¬ 
works,  and  there  are  a  number  of  rules  and 
regulations  that  we  have  to  have  on  how  the 
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networks  are  designed  to  meet  government 
and  company  requirements.  So  they’ll  use  the 
digital  white  board  to  talk  to  each  other  across 
the  ocean.  We’ve  been  doing  that  for  about  a 
year  and  a  half. 

What's  been  your  approach  to  getting  people 
to  use  these  collaboration  tools? 

Before  we  purchase  a  tool  we  say  what’s  the 
concept  of  operations?  In  other  words,  how 
are  you  going  to  use  this?  We  just  can’t  go  buy 
a  tool  and  throw  it  out  there. We  did  that  about 
four  or  five  years  ago, and  nobody  used  them. 
You  need  to  have  buyoff  where  a  couple  of 
organizations  say ‘Yes,  we’ll  use  it  and  here’s 
the  concept  we  have  in  mind.’That’s  enough  to 
kick  it  off. 

But  can  you  really  predict  how  you're  going 
to  use  the  tool  before  you're  actually  using 
it? 

The  concept  of  operation  is  there  to  ensure 
that  you  have  more  than  one  person  agreeing 
to  the  fact  they're  going  to  use  the  tool. Then 
you  initiate  the  concept  and  it  usually  morphs 
into  something  else.  Which  is  fine,  because  that 
just  means  people  are  using  it.  Probably  80 
percent  of  the  time  we  end  up  using  the  tool 
differently  than  we  thought  we  were  going  to. 
What  you  don't  want  to  do  is  have  a  smart 
engineer  who's  very  articulate  come  in  and 
sell  an  idea,  and  we  buy  a  tool  and  nobody 
else  uses  it.  It  just  languishes. 

Have  you  been  able  to  determine  any  kind  of 
ROI  on  any  of  these  collaboration  tools? 

I  cannot  put  a  number  to  it.  But  the  rule  of 
thumb  in  our  operation  is,  we  have  to  main¬ 
tain  the  same  number  of  people  but  expand 
our  capability  every  single  year.  I’ve  got  to 
expand  the  [simulation]  environment  that  I 
described  earlier.  I’ve  got  to  take  it  to  more 
places,  integrate  more  labs  and  more  capabili¬ 
ties,  and  I’ve  got  the  same  number  of  people  to 
do  it.  And  we’ve  been  able  to  do  that. 
Collaboration  is  the  key  to  making  this  work. 
I’ve  got  the  same  number  of  people,  they’re 
located  across  the  enterprise,  and  I’ve  got  to 
do  more  things  every  day  than  I  did  yesterday 
The  only  way  we  can  get  there  is  with  collabo¬ 
ration  tools.  It  also  requires  us  to  change  the 
way  we  operate,  so  we’re  constantly  looking  at 
tools  and  operational  concepts.  In  other 
words,  how  do  we  manage  what  we’re  doing? 
It’s  a  constant  battle.There  are  two  key  ele¬ 
ments  to  this.  Management’s  role  is  to  provide 
the  direction,  the  vision  and  the  tools.  And 
then  the  engineer’s  role  is  to  provide  the  pro¬ 
cesses  around  how  to  use  the  tools  and  to 
standardize  the  way  we’re  doing  things. You 
can  put  the  tools  in  place  but  if  you  don’t  have 
a  common  language  or  common  process,  they 
don’t  help  you.  We’ve  also  put  together  a  team 
of  folks  to  look  at  the  different  software  and 
hardware  tools  that  we  use  across  this  LabNet 
enterprise.  We  have  representatives  from  every 
site  on  that  team,  working  on  which  tools 
they’re  going  to  use  and  how  they’re  going  to 
do  it.That’s  been  in  place  about  a  year. 


Getting  Personal:  Tip  Slater 


Title: 

Director  of  virtual  operations 

Organization: 

The  Boeing  Company,  Integrated  Defense  Systems 
group 

Responsibilities: 

Develop  and  operate  a  high-speed  network  that  allows 
interaction  among  all  Boeing  laboratories.  Support 
experiments  and  demonstrations  built  within  a  Live 
Virtual  and  Constructive  environment. 

Number  of  IT  staff: 

Approximately  100 

Education: 

Masters  in  aeronautical  science’s  degree  from  Embry 
Riddle  Aeronautical  University;  bachelor’s  degree  in 
business  from  LowellTechnological  Institute. 

Previous  jobs: 

Deputy  director  strategic  architecture  for  Boeing,  leading 
network-centric  operations  for  the  company;  U.S.  Air 
Force:  27  years  as  a  flier  in  reconnaissance  aircraft,  staff 
officer  working  CENTCOMs  command  and  control 
airborne  systems,  and  communications  officer,  which 
included  large  computer  acquisitions. 

First  PC: 

TRS  80  with  chicklet  keyboard  and  a  tape  deck  for 
memory  storage.  Wrote  in  Basic  and  decided  purchasing 
software  was  easier. 

First  Internet  experience: 

1987,  sending  work  information  from  a  Mac. 

Words  to  live  by: 

"It's  not  that  hard.” 

And  how  is  that  working  out  so  far? 

Actually,  pretty  good.  People  truly  do  under¬ 
stand.  We  only  have  so  much  budget  and  you 
can’t  afford  to  buy  different  tools  to  do  the 
same  thing  for  all  the  different  sites.  It’s  just  not 
cost  effective. 

What  would  you  say  has  surprised  you  the 
most  about  your  deployments  of  collabora¬ 
tion  technology? 

I  expected  the  tools  to  give  us  more  than  they 
gave  us,  but  what  it  boils  down  to  is  the  culture 
of  the  organization.  When  you  go  across  the 
country  you’ll  find  different  cultures  in  the  dif¬ 
ferent  organizations  you’re  working  with,  even 
though  they  work  for  the  same  company  Until 
you  get  the  cultures  to  agree  to  a  common  ter¬ 
minology  and  a  common  process,  the  tools 
don’t  enable  anything  to  happen. 

What's  been  the  most  challenging  aspects  of 
implementing  collaboration  tools? 

That  gets  back  to  the  culture  thing.  I’m  current¬ 
ly  in  Anaheim  and  have  sites  in  St.  Louis, some 
in  D.C.  and  some  in  Seattle.They’re  all  over  the 
place.  Each  site  has  a  number  of  tools  and  its 
own  processes.  And  they  came  from  other 
companies  —  Rockwell,  Boeing,  McDonnell 
Douglas,  they  had  all  their  processes.  So  a  lot 
of  these  people  are  very  experienced  engi¬ 
neers,  come  into  the  environment  with  ideas 
and  processes  and  procedures  that  came  out 
of  their  corporate  heritage.  We  bring  them  all 
together  and  say ‘You’re  now  going  to  collabo¬ 
rate  and  you’re  going  to  make  this  live  virtual 
constructive  environment,  and  all  these  labs 
are  going  to  work  together  in  this  environment 


and  they’re  going  to  produce  this  product.’ 

And  people  stand  up  and  say  that  sounds  like 
a  great  vision.  We  love  it.  We  want  to  work  it. 
Then  you  start  putting  the  tools  in  place  and 
they  say  wait  a  minute;  we  don’t  use  that  tool 
here  in  St.  Louis.You’ve  got  to  use  this  tool. 
Well,  where  did  that  tool  come  from?  What 
were  the  site  processes?  What  were  the  engi¬ 
neering  processes?  And  pretty  soon, you’ve  got 
this  chaotic  stuff  going  on. 

We’ve  had  to  bring  them  together  and  step 
back  and  say ‘Look,  you’re  working  at  the 
enterprise  level.  Forget  your  sites.  What  is  the 
enterprise  process  and  what  is  the  best  way 
we’re  going  to  move  forward  on  this?’ And  it’s 
taken  us  a  while  to  get  there,  but  we’ve  started 
chipping  away  the  different  tools,  and  people 
begin  to  realize  the  tool  isn’t  the  issue,  it’s  how 
you  use  the  tool  that’s  the  issue,  and  that  gets 
into  the  processes  and  how  you  develop  those 
processes.And  if  there  is  one  competitive 
advantage  I  think  we’ve  got  it’s  the  fact  that  we 
work  across  the  enterprise  and  we  recognize 
culture  is  probably  the  one  thing  that’s  going 
to  stop  us. We  have  to  attack  that  first  and  fore¬ 
most.  Any  company  or  enterprise  that’s  going 
use  collaboration  tools,  they’re  going  to  have 
to  approach  it  that  way  If  somebody  in  the 
United  States  wants  to  work  with  India  or 
Hong  Kong,  or  anywhere  else,  you’d  better  fig¬ 
ure  out  how  you’re  going  to  [work  together] 
first  before  you  add  a  tool  onto  it,  because 
the  tool  isn’t  going  to  do  anything  for  you. 

Desmond  is  events  editor  for  Network  World 
and  president  of  PDEdit,  an  IT  publishing  com¬ 
pany  in  Southborough,  Mass.  Reach  him  at 
paul@pdedit.  com. 


www.networkworld.com  •  OCTOBER  29,  2007  *  43 


.INFRASTRUCTURE  LOG 


_DAY  82:  There  are  so  many  risks  out  there.  So  many  things 
that  can  happen  to  our  business:  natural  disasters,  spikes 
in  traffic,  mergers.  How  do  we  prepare?  One  in  three 
companies  don’t  recover  from  unplanned  downtime.1  Would  we? 

_Gil  has  wrapped  everything  in  the  office  with  bubble  wrap. 
Everything.  Just  to  be  safe. 

_DAY  83:  Im  preparing  with  IBM  Business  Resilience  Solutions. 
IBM  Business  Continuity  Services  can  help  us  assess  our  risks 
and  design  a  proactive  plan  to  deal  with  them.  IBM  Tivoli  gives  us 
the  visibility  to  diagnose  and  fix  infrastructure  problems. 

And  the  robust  availability  features  of  the  IBM  System  p™  give 
us  maximum  uptime.  The  future  feels  so  much  safer  now. 

_No  more  bubble  wrap.  And  I  have  to  mail  a  package.  Great. 


Take  the  business  continuity  assessment  at: 

IBM.COM/TAKEBACKCONTROL/READY 


1  CLEAR  CHOICE  TEST  BLADE  SERVER 

HP’s  ‘shorty’  provides  new  angle 
on  blade  server  market 

c3000  series  rates  highly  for  storage  in  the  branch  office 


BY  TOM  HENDERSON  AND  RAND  DVORAK,  NETWORK  WORLD 
LAB  ALLIANCE 

The  big  question  when  we  opened  the  crate  containing  HP’s 
BladeSystem  c3000  Enclosure  was:  Is  this  thing  a  blade  server  or  is 
it  a  modular  server  put  into  a  6U  rack  profile?  It’s  a  bit  of  both. With 
its  brand-new  c3000  hybrid  chassis,  HP  has  remade  its  now-famous 
tower  enclosure  and  the  server’s  guts  into  a  flexible  blade-enclosure  for¬ 
mat,  retaining  all  the  niceties  of  discrete  servers  but  adding  the  flexibility 
of  rack/blade  modularity  HP’s  c3000  Enclosure  has  a  horizontal  blade 
design  that  can  accommodate  as  many  as  four  full-width  c-class  blade 
devices  or  eight  half-width  server  or  storage  blades. 

Unlike  HP’s  higher-end  c7000-class  blades,  the  c3000-family  blade 
server  is  not  the  typical  blade  enclosure  designed  to  be  piled  high  and 
deep  inside  a  network  operations  center.  Instead,  the  c3000  we  tested 
seems  best  suited  for  branch  offices  where  it’ll  take  up  just  the  first  six 
rack  spaces,  ostensibly  sharing  the  rack  real  estate  with  other  support¬ 
ing  equipment  (routers,  storage-area-network  blocks,  and  other  network 
devices  or  appliances). 

The  overall  performance  of  these  blades  was  quite  good,  but  we 
have  to  note  that  HP  knew  our  blade  server  tests  incorporate  a 
“green”  element  —  we  measure  the  electricity  required  to  drive 
these  things  —  and  shipped  low-end  CPUs,  thereby  optimizing  it  for 
low  power  consumption. 

HP  also  supplied  two  server  blades,  the  HP  BL460c  (based  on  a  64-bit 
Intel  dual-core  1.6GHz  Xeon  51 10  CPU;  this  is  the  slowest  one  shipped 
on  the  blade);  and  the  HP  BL465c  that  uses  Advanced  Micro  Devices’ 
2110  HE  CPU  (1.8GHz,  64-bit,  dual-core,  also  the  slowest  and  smallest 
shipped  with  an  AMD  CPU).  Both  server  blades  came  with  1GB  of  mem¬ 
ory  and  have  similar  serial-attached-SCSI  drive  connections. 

The  performance  characteristics  of  these  slower  server  blades 
matched  their  clock  rates.  The  slightly  faster  BL465c  turned  in  a 
faster  time  of  392.3  microseconds  vs.  the  BL460c’s  425.2  microsec  in 
the  LMBench3  (our  usual  comparison  test)  processor  fork+execve 
test,  which  tests  the  speed  of  context  shifting  and  memory  move¬ 
ment  and  allocation. 

The  interesting  part  is  that  the  AMD-based  blade  used  62  watts  at 
peak  during  the  test  sequence,  where  the  Intel  blade  needed  77  watts 


HP's  BladeSystem 
c3000  Enclosure  sports  a  horizon¬ 
tal  blade  design  that  accommo¬ 
dates  as  many  as  eight  half-width 
server  or  storage  blades. 


^  NETRESU  LTS 

BladeSystem  c3000  Enclosure  •  HP  •  www.hp.com 
NetResults:  4.63 
Price:  $22,100  as  tested. 

Pros:  Comprehensive  “data  center  in  a  box"  options;  strong 
management  and  deployment  tools. 

Cons:  Administration  tools  need  unification;  number  of 
options  available  is  staggering. 

m  mmm 


Action 

Weight 

Score 

Management/monitoring 

25% 

4.5 

Power  efficiency/performance 

25% 

4.5 

Flexibility/features 

25% 

5 

Serviceability 

25% 

4.5 

Total  score 

4.63 

Scoring  key:  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average; 
1:  Subpar  or  not  available. 


at  peak.This  compares  with  a  recent  test  we  did  on  IBM’s  blades,  which 
at  a  faster  clock  rate  (2.66GHz)  executed  more  quickly  at  289.9 
microsec  in  the  processor  fork+execve  test,  but  used  89  watts  at  peak 
during  the  same  test,  with  the  same  operating  system  —  Fedora  Core 
Linux  —  in  the  same  configuration  (albeit  a  quad-core  CPU,  rather 
than  a  dual-core). These  numbers  are  somewhat  hard  to  compare,  but 
give  an  indication  of  good  performance  and  power  consumption. 

The  c3000  blade  frame  and  its  components  are  fully  modular  and 
built  to  order.  As  the  options  for  components  are  staggering,  HP  has  a 
Web  site  that  lets  customers  select  components  via  a  Java/flash  appli¬ 
cation.  It’s  a  highly  visual  site,  and  specifics  of  each  blade  are  selected 
by  part  type  (computer  blade,  storage,  tape  and  others)  and  by  placing 
the  selected  components  visually  into  the  enclosure.  HP  should  be 
commended  for  this  new  way  of  buying  and  configuring  servers. 

Storage  options  include  drive  arrays  and  tape  drives.The  drive  arrays 
can  be  connected  through  the  chassis  or  used  as  iSCSI  targets  from 
other  internal  or  external  host  servers.  Because  the  enclosure  is 
designed  to  be  a  self-contained,  mini  data  center,  the  storage  options  — 
often  missing  from  more  data-center-focused  blade  servers  —  will  be 
welcomed  by  small  businesses  and  branches  that  don’t  have  access  to 
high-speed,  over-thenet  backup  architectures. 

The  HP  StorageWorks  Ultrium  440c  tape  blade  stores  data  on  LTO-2 
cartridges,  in  increments  of  data  starting  at  400GB.  We  verified  that  2:1 
compression  is  standard.  We  also  tested  HP’s  StorageWorks  SB600c  All- 
in-One  storage  blade,  which  combines  a  supplied  Windows  Server 
Standard  Edition  to  create  network-attached-storage  shares.The  storage 
also  can  be  used  as  an  iSCSI  target  for  virtualized  storage  for  the  com¬ 
puter  blades.  While  seemingly  targeted  for  Microsoft  NT  File  System 
storage  needs,  we  also  could  use  other  iSCSI  initiators  to  populate  the 
server  after  a  few  configuration  steps  were  found. 
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1  CLEAR  CHOICE  TEST  BLADE  SERVER 


The  SB600c  blade  was  fast.  Same-server  read/writes  (a  file  copy  of  a 
2GB  file)  went  at  340M  bytes/sec  (with  no  other  process  pending  and  in 
a  minimum  configuration,  services-wise).  Writes  from  the  BL460c  blade 
were  slower,  146M  bytes/sec  of  the  same  2GB  file.Then  we  tried  the  iSCSI 
target  software  and  found  that  file  copies  through  a  blade  iSCSI  initiator 
went  faster  (which  surprised  us,  because  there  should  have  been  some 
overhead  or  driver-efficiency  attenuation  to  slow  things  down)  at  161M 
bytes/sec, using  the  same  2GB  file.The  iSCSI  performance  was  impressive. 

Initial  and  ongoing  management 

Several  applications  are  supplied  that  together  let  IT  managers  service, 
support, administer, configure  and  monitor  the  c3000  system  tested.  At  the 
heart  of  the  enclosure  is  the  Onboard  Administrator,  which  also  launches 
the  integrated  Lights  Out  2  (iL02)  blade-management  connection  to 
each  blade  device,  which  can  in  turn,  launch  the  administrator. 

Onboard  Administrator  lives  as  an  autonomous  process  application 
inside  the  system  board  of  the  c-class  enclosure. Through  it,  we  could 
view  many  characteristics  of  the  enclosure,  including  the  c-class  sys¬ 
tems  front-panel  LED  setup  (which  displays  a  health  summary,  basic  IP 
settings,  information  regarding  the  enclosure  and  blade  IDs,  power 
consumption  for  the  six  fans  on  the  enclosure,  and  PIN  information, 
which  is  handy  in  branches  or  potentially  physically  unsecured  areas). 
Unfortunately,  the  PIN  can  be  as  short  as  a  single  character, or  there  can 
be  none  at  all  —  a  bit  of  a  security  risk.  Beyond  the  LED  front-panel 
emulation,  Onboard  Administrator  monitors  each  model’s  power,  heat 
and  other  characteristics,  giving  a  basic  health  synopsis  and  reports 
and  logs  with  e-mail  triggers  for  the  gradients  (from  critical  to  infor¬ 
mational)  of  system  problems. 

IL02  comes  in  two  versions. The  standard  edition  is  bundled  with  the 
system,  and  there’s  an  advanced  Blade  Center  Select  license,  which  we 
received  a  demonstration  of  but  did  not  test.The  basic  iL02  functions  are 
strongly  focused  on  specific  blade-device  characteristics,  and  iL02 
observations  are  made  via  direct  remote  connections  to  agent  software 
running  on  target  blade  devices. 

The  iL02  controls  include  using  a  local,  viewing  machine’s  media 
as  virtual  media  for  the  iL02-managed  device  you  are  connected  to 
(handy  for  updates  and  installations),  viewing  power  settings, 
administering  security  accessibility  (including  managing  SSL  certifi¬ 
cates),  and  configuring  network  and  SNMP  settings.  Blade-server 
configuration  wizards  do  such  things  as  set  RAID  levels  for  blades, 
set  up  iL02  agents  on  blades,  and  then  kick-start  them  (with  a 
reboot). The  optional  Blade  Center  Select  iL02  license  enables  such 
things  as  two-factor  authentication,  group  accounts,  virtual-machine 
provisioning,  and  setting  higher  or  more  thorough  controls  on  power 
consumption.  Some  iL02  functions  require  Firefox,  and  some  of  the 
selections  for  Systems  Insight  Manager  (described  next)  require 
Internet  Explorer. 

There’s  a  30-day  teaseware  license  for  HP’s  Systems  Insight  Manager  as 
well.  This  application  has  lots  of  niceties,  such  as  managing  virtual- 
machine  deployments  with  precision  (especially  with  VMware’s  soft¬ 
ware)  or  monitoring  a  variety  of  operating  system  environments: 
Windows  (NT  through  present), Linux  (Novell’s  SUSE  and  Red  Hat)  and 
The  SCO  Group’s  UnixWare.  Insight  Manager  deserves  a  review  of  its 
own,  but  it’s  optional  here  and  mentioned  for  those  companies  that 
would  need  its  conveniences  when  rolling  out  multiple  quantities  of 
c3000.  Oddly,  some  parts  of  Insight  Manager  require  Internet  Explorer 
6.0+  explicitly.  We  used  Firefox  and  found  that  Konqueror  (KDE)  and 
Safari  (Apple’s  browser)  can  give  Onboard  Administrator  and  iL02  fits 
where  it  refuses  to  work. 

The  Onboard  Administrator  and  iL02  management  and  monitoring 
settings  were  good  enough  to  pass  our  three  “smoke  tests.”  We  placed  a 
plastic  bag  over  the  server  to  see  if  it  would  shut  down  without  frying, 
because  its  settings  were  made  to  trigger  shutdowns  when  the  unit  over¬ 
heated.  It  took  longer  than  we  expected  to  fail  in  this  test  because  power 
supplies  would  fail  (there  were  also  six  fans),  chill,  then  come  alive 
again,  redundantly  Eventually  the  unit  hit  the  “I’m  going  to  cook”  thresh¬ 
old  and  shut  itself  down,  properly  logging  everything  in  detail  as  things 


How  we  did  it 


We  received  a  configuration  from  HP  consisting  of  the  c3000 
chassis  (with  licenses,  $4,300),  one  BL465c  Gl  server  blade, 
GbE2c  Ethernet  Blade  Switch  ($1,400),  BL460c  Gl  server 
blade,  SB600c  Storage  Server  Blade  (with  an  incumbent  SB600c 
separate  storage  blade),  and  an  HP  Storage  Works  Ultrium  448c 
Tape  Blade  ($2,000),  HP  Storage  Works  1.16TB  Storage  Blade 
(serial-attached  SCSI  drives,  $9,970).The  c3000  blade  enclosure 
arrived  with  four  power  supplies,  each  120V  (240V  split-phase  or 
other  international  supplies  and  chassis  are  available). 

We  tested  power  consumption,  and  were  able  to  corroborate 
HP’s  Onboard  Administrator  software’s  measurement  of  the 
blades  sent,  checking  the  figures  it  reported  against  our  power- 
consumption  test  jig;  variances  were  within  2%.  We  also  tested 
the  administrator’s  ability  to  shut  down  the  blades  when  tem¬ 
perature  levels  were  exceeded  (blanket  test).  We  removed  and 
disabled  the  server  blades  in  various  ways  to  monitor  the  ability 
of  iL02  and  Onboard  Administrator  to  detect  problems,  recover 
and  send  warning  messages.  We  also  tested  the  Storage  Works 
600c  blade  subsystem,  using  it  as  a  Windows  network-attached - 
storage  device,  as  well  as  an  iSCSI  target;  it  performed  well.  We 
performed  bulk  file  copies,  and  used  the  iSCSI  target  capability 
to  format  a  partition  and  use  it  as  an  active  virtual  drive  for  sev¬ 
eral  servers  and  clients. 


failed  and  went  into  shutdown  sequences.  Just  before  and  after  restart, 
our  e-mail  box  was  flooded  with  warnings. 

In  our  second  smoke  test,  we  “went  rogue”  and  installed  several  operat¬ 
ing  system  instances  on  the  blades  without  telling  Onboard  Admin¬ 
istrator  or  iL02  to  see  if  either  could  detect  the  changes.  Because  blade 
settings’  probes  are  scheduled,  these  applications  took  about  a  day  to  dis¬ 
cover  something  was  awry  Once  we  also  placed  appropriate  agents  onto 
the  blades,  Onboard  Administrator  and  iL02  were  very  happy  We  also 
found  that  even  though  a  blade  was  misidentified,we  still  could  access  it 
remotely  (the  blade  thought  there  was  a  Windows  server  on  the  blade, 
but  we’d  installed  Fedora  Core  Linux)  through  the  administrator’s  Java 
KVM  capabilities. We  were  impressed. 

And  finally,  we  pulled  blades,  simulated  failures  and  generally  mis¬ 
treated  the  c3000,  giving  it  the  full  user  experience  in  terms  of  the 
strange  things  that  users  do.  We  received  no  unexpected  failures  (all 
server  blades  and  modules  restarted  with  operating  system  com¬ 
plaints  as  expected,  but  all  recovered  within  the  constraints  of  the 
operating  system), and  we  filled  the  logs  with  warnings, errors  and  re¬ 
ported  jitteriness  —  completely  and  correctly. 

Overall 

We  found  the  c3000  to  be  well  designed  for  the  Fortune  500,000  in 
terms  of  flexible  component  options, serviceability  (blade  changeout, 
and  ease  and  understandability  of  hardware  configurations)  and  man¬ 
agement  of  the  overall  enclosure  and  its  components.  The  manage 
ment  tools  are  strong,  understandable,  largely  secure  and  capable. 
What  we’d  like  to  see  are  fewer  management  and  monitoring  software 
administrative  overlaps,  perhaps  a  convenient  combination  of  iL02 
(with  options)  and  Onboard  Administrator,  were  it  possible. Extended, 
this  dream  also  would  add  the  Systems  Insight  Manager  with  its 
options,  unifying  everything  into  a  less  overlapping,  comprehensive, 
one-stop  tool  shop  for  using  the  BladeSystem  c3000.lt  would  make  the 
difference  between  cold  calculation  against  HP’s  formidable  competi¬ 
tion  and  a  truly  compelling  value  deal. 

Henderson  is  principal  researcher  and  Dvorak  is  a  researcher  for 
ExtremeLabs  in  Indianapolis.  Henderson  can  be  reached  at  thender 
son  @extremelabs.  com. 
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iSCSI  over  10G  Ethernet  ultimately  will  dethrone  Fibre  Channel, 
experts  predict,  so  it’s  not  too  early  to  start  planning  a  migration 


BY  BARBARA  OARROW 

ibre  Channel  is  the 
king  of  enterprise 
storage-area-net¬ 
work  technologies. 
It’s  fast,  it  can  han¬ 
dle  long  distances 
and  it’s  got  strong 
vendor  support. 
ISCSI,  however,  is 
the  heir  apparent. When  it  comes 
to  new  SANs,  add-ons  to  existing 
systems  or  departmental-level 
installations  at  large  enterprises 
that  have  Fibre  Channel,  cus¬ 
tomers  increasingly  are  choos¬ 
ing  iSCSI. 

And  when  iSCSI  over  lOGigabit 
Ethernet  comes  online,  the  biggest 
remaining  hurdle  to  adopting 
iSCSI  storage  —  its  perceived  slow 
performance  —  will  fall.  At  that 
point,  iSCSI  will  become  the  stor¬ 
age  interconnection  transport  of 
choice  across  the  enterprise. 

How  soon  until  that  happens? 
Analysts  expect  support  for  10G 
Ethernet  will  be  built  into  enter¬ 


prise  storage  arrays  and  servers 
within  the  next  three  years.  This 
means  IT  executives  need  to  start 
learning  about  iSCSI  now,  begin 
asking  their  storage  vendors 
about  their  iSCSI  road  maps  and 
begin  planning  for  an  orderly 
migration  to  iSCSI. 

There  are  four  reasons  for  the 
ascendance  of  iSCSI: 

Cost.  An  iSCSI  storage  solution 
running  on  familiar  Ethernet  infra¬ 
structure  costs  a  fraction  of  a 
high-end  Fibre  Channel  solution 
in  terms  of  the  technology  and 
the  expertise  needed  to  run  it,  IT 
experts  say 

Staffing.  Finding  good  Fibre 
Channel  talent  can  be  a  chal¬ 
lenge,  and  the  scarcity  drives  up 
the  cost.  “It’s  hard  to  hire  people 
with  Fibre  Channel  expertise,” 
says  Andrew  Reichman,  an  ana¬ 
lyst  with  Forrester  Research. 

Compliance  mandates.  The 
growing  list  of  industry  and  gov¬ 
ernment  mandates  about  the  han¬ 


dling  of  data  —  Sarbanes-Oxley 
the  Health  Insurance  Portability 
and  Accountability  Act,  credit 
card  regulations  —  is  driving  com¬ 
panies  to  think  out  their  storage 
and  archiving  policies  carefully. 
The  need  to  digitize  documents, 
from  simple  forms  to  X-rays,  like¬ 
wise  motivates  companies  to  get 
their  storage  houses  in  order  as 
inexpensively  as  possible  without 
sacrificing  utility  and  reliability 
Virtualization.  “Server  virtual¬ 
ization  is  a  big  driver?  says  John 
Sloane,  analyst  with  Info-Tech  Re¬ 
search  Group.  Many  midsize  com¬ 
panies  that  may  not  have  invested 
in  network  storage  because  of 
cost  now  look  to  consolidate 
more  of  their  Windows  and  x86 
architecture  with  VMware.To  get 
the  best  benefit  from  VMware 
[for]  disaster  recovery,  high  avail¬ 
ability  and  advanced  data  protec¬ 
tion,  you’re  really  driven  toward 
putting  the  virtual-machine  files 
and  data  on  a  SAN,”  he  says. 


When  VMware  added  iSCSI  sup¬ 
port  last  year,  another  hurdle  to 
adoption  fell  away  That  means 
companies  that  “may  have  been 
on  the  fence  about  purchasing 
network  storage  or  staying  with 
direct-attach  storage  now  have  a 
trigger  that  helps  them  see  net¬ 
worked  storage,”  Sloane  says. 

The  confluence  of  these  trends 
has  led  Burton  Group  analyst  Nik 
Simpson  to  refer  to  Fibre  Channel 
as  “dead  technology  walking.” 

Gases  in  point 

Many  customers  aren’t  waiting 
for  10G  Ethernet;  they’re  finding 
plain  old  Ethernet  has  more  than 
enough  horsepower  to  get  the 
job  done.  That’s  the  case  for  the 
IT  department  of  Clackamas 
County  Ore.,  which  has  moved 
from  Fibre  Channel  to  an  Equal- 
Logic  iSCSI  SAN. 

“Our  Fibre  Channel  stuff  is  now 
completely  gone  except  for  one 
Brocade  switch,  [which]  we 


iSCSI  SAN  customers  are  pleased  with  the  performance,  cost  and  overall  ease  of  use 

Survey  asks:  How  would  you  rate  your  organization’s  satisfaction  with  the  following  attributes  of  its  iSCSI  SAN(s)? 


S  Very  satisfied 

9  Satisfied 

9  Neither 
satisfied 
nor 

dissatisfied 

9  Dissatisfied 

9  Very 
dissatisfied 


Network  Capital  cost  Operational  cost  Interoperability  Ease  of 

performance  with  existing  management 

TOTAL  RESPONDENTS  76,  SOURCE:  ENTERPRISE  STRATEGY  GROUP  infrastructure 


Application 

performance 

(e.g.,  e-mail,  database) 


Ease  of  installation 
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bought  specifically  to  manage  IBM 
tape  drives,” says  Chris  Fricke,  senior 
IT  administrator  of  information  ser¬ 
vices  for  the  county  “Now,  every¬ 
thing  is  on  iSCSI  SANs:  our  normal 
file  storage,  our  document  imaging, 
our  Exchange  System  and  our  data¬ 
bases,”  he  says. 

“It’s  considerably  cheaper  not  to 
have  to  deal  with  special  cards  to 
get  it  to  work,  and  we  didn’t  have  to 
train  people  on  new  technologies. 
Our  primary  business  goal  is  not 
baby-sitting  our  storage  infrastruc¬ 
ture,”  Fricke  adds. 

Fricke  isn’t  on  10G  Ethernet  yet, 
but  he’s  building  his  storage  net¬ 
work  with  10G  Ethernet  in  mind. 
“We’d  made  the  decision  that  Fibre 
Channel  wasn’t  working  out  and 
iSCSI  was  the  bomb,”  he  says.  “We 
had  to  look  at  the  entire  market,  so 
we  did  the  evaluation.  The  biggest 
driver  was  cost.  With  Fibre  Channel, 
what  we  had  was  1GB  host  bus 
adapters  (HBA),a  1GB  backplane. 
To  upgrade  all  that  really  is  a  forklift 


Reliability  for  mission-  Vendor  service 
critical  applications  and  support 
(e.g.,  e-mail,  database) 
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Brian  Smith,  technology 
manager  at  marketing 
communications  agency 
Gem  Group,  decided  to 
bag  Fibre  Channel  in 
favor  of  iSCSI. 
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upgrade  to  pull  it  out  and  bring  in  four  gigs  or  whatever.  For 
us,  that  would  have  been  at  least  a  half-million  [dollars]  and 
not  feasible.  So  we  brought  in  EqualLogic  for  $50,000,  and 
we’ll  grow  that  as  we  need  it.” 

“Analysts  have  been  talking  about  iSCSI  on  10-Gigabit 
Ethernet  for  three  or  four  years.  It’s  taken  awhile,  but  now  it 
really  is  gaining  traction  and  coming  up  the  ladder]’  adds 
Info-Tech’s  Sloane. 

Scott  Christiansen,  IT  director  for  Leo  A.  Daly,  an  interna¬ 
tional  architecture  and  engineering  firm  in  Omaha,  Neb., 
also  is  impressed  with  iSCSI  SANs.The  advantage  of  moving 
from  a  complete  network-attached  storage  (NAS)  environ¬ 
ment  to  an  iSCSI  vs.  a  Fibre  Channel  SAN  is  cost  “first  and 
foremost,”  he  says. 

Indeed,  Fibre  Channel  switch-and-HBA  combos  easily  run 
to  $4,000  per  unit,  whereas  standard  iSCSI  SANs  can  operate 
with  off-the-shelf  cards. 

The  Daly  show 

In  Leo  A.  Daly’s  case,  a  Fibre  Channel  solution  would  have 
cost  six  figures  compared  with  less  than  half  that  for  an  iSCSI 
solution,  Christiansen  says. 

The  cost  savings  of  iSCSI  over  Fibre  Channel  happen  at 
every  level,  from  the  cabling  up  through  the  switch  ports  on 
the  IP  switches,  Forrester’s  Reichman  says. 

Best  Best  &  Krieger,  a  Riverside,  Calif.,  law  firm,  is  making 
the  transition  from  HP  Fibre  Channel  technology  to  iStor 
Networks  storage  foremail  archiving.The  move  to  iSCSI  was 
a  no-brainer,  especially  because  the  Fibre  Channel  infra¬ 
structure  was  aging.  “For  us,  going  from  Fibre  Channel  to 
iSCSI  was  an  upgrade,”  says  Tim  Haynes,  senior  manager  of 
IT  for  the  400-person  law  firm. “We  were  pretty  well  maxed 
out  on  the  Fibre  Channel.  To  grow  that  would  have  been 
very  expensive,  and  it  gets  even  more  complex  to  have  a 
highly  available  storage  system  with  Fibre,”  he  says. 

Overall,  iSCSI  brought  simplification.  The  use  of  standard 
networking  gear  for  storage  traffic  is  a  major  benefit.“We’re  a 
Cisco  shop,  and  we  put  in  a  1GB  Ethernet  switch,  and  that’s 
it.  If  it  goes  down,  it’s  easy  to  move  to  another  port  on  anoth¬ 
er  switch,  whereas  to  have  a  Fibre  Channel  switch  sitting  on 
the  shelf  as  a  failover,  or  even  having  one  online  for  redun¬ 
dancy  is  very  complicated.” 

The  Gem  Group, a  Lawrence,  Mass.,  business  specializing  in 
promotional  wares,  also  moved  from  Fibre  Channel  to  iSCSI. 
It  was  outgrowing  its  Xiotech  Fibre  Channel  implementation 
and  evaluated  Fibre  Channel  and  iSCSI  replacements  last 
year.  Its  requirement  for  failover  quickly  ruled  out  four  of  the 
initial  eight  contenders  on  cost  grounds,  says  Brian  Smith, 
technology  manager  for  Gem. The  four  remaining  solutions 
—  from  EMC,  Xiotech,  Compellent  Technologies  and 
EqualLogic  —  all  appeared  to  be  in  the  same  price  range. 
After  Gem  Group  looked  at  the  cost  of  management,  as  well 
as  upfront  price,  however,  only  Compellent  remained. 

Going  with  iSCSI  meant  that  Gem  Group,  with  a  small  IT 
staff,  could  rely  on  its  existing  TCP/IP  and  IP  expertise. 
“Pricing  was  huge,  but  also,  with  just  18  people  on  the  IT 
staff,  we  all  wear  a  lot  of  different  hats,  and  I  was  the  only 
one  who  knew  Fibre  Channel  after  administering  it  for 
four  years.  It’s  difficult  to  manage,  and  learning  it  takes 
time.  We’re  growing  our  business,  putting  in  a  new  ERP 
system  and  we  don’t  want  the  added  expense  of  Fibre 
Channel  expertise,” Smith  says. 

The  case  for  Fibre  Channel 

Of  course,  just  as  few  companies  have  ripped  out  main¬ 


frames  in  favor  of  PC-based  servers,  enterprises  will  not  forklift  out  Fibre  Channel 
for  iSCSI. “Fibre  Channel  will  be  around  for  a  long  time  to  come,”  says  Tony  Asaro, 
analyst  for  Enterprise  Strategy  Group. “There’s  a  ton  of  investment  in  Fibre  Channel 
in  time,  money  and  resources,”  he  says. 

Asaro  adds  that  religious  and  political  fiefdoms  within  companies  can  prolong  a 
technology’s  life  span.  There  are  storage  constituencies  within  organizations  that 
have  bet  on  Fibre  Channel  and  will  defend  it  to  the  end. 

The  result  doesn’t  have  to  be  an  all-or-nothing  proposition.  Scott  Winslow, 
founder  and  CEO  of  Winslow  Technology  Group,  a  Boston  storage  specialist,  esti¬ 
mates  10%  to  15%  of  his  customers  are  on  iSCSI,  30%  on  Fibre  Channel  and 
about  60%  on  a  combination. 

A  common  misperception  about  iSCSI  SANs  is  that  they  can  run  on  the  same 
Ethernet  backbone  as  other  traffic.That  is  technically  true,  but  the  thought  of  such 
commingling  is  anathema  to  some  experts,  who  cite  security  concerns. 

In  reality  the  recommended  implementation  for  iSCSI  storage  is  to  run  it  on  a  sep¬ 
arate  Ethernet  network.  Even  in  that  instance,  the  costs  are  less  than  with  Fibre 
Channel,  because  IT  staff  is  dealing  with  the  same  set  of  protocols  and  manage¬ 
ment  tools  across  data  and  storage  backbones. 

The  Gem  Group  maintains  separate  storage  and  data  networks  for  security  and 
performance  reasons  “but  the  switches  are  interconnected,”  Smith  says.  “We  have 
the  data  center  and  one  data  closet, so  we  have  some  physical  servers  and  some  vir- 

See  Fibre  Channel,  page  52 


Survey  says:  iSCSI 

According  to  research  and  surveys  conducted  by  the  Enterprise 
Strategy  Group,  iSCSI  deployments  will  begin  to  replace  storage- 
area  networks  and  network-attached  storage  over  the  next  three 
years:  Early  iSCSI  adopters  that  have  deployed  networked  storage  believe 
their  current  solutions  will  be  replaced  by  iSCSI  SANs  over  time.  Respon¬ 
dents  who  have  experience  with  networked  storage  and  iSCSI  are  beginning 
to  recognize  where  iSCSI  fits  in  their  organization. They  already  have  identi¬ 
fied  additional  uses  for  iSCSI  and  are  finding  that  over  time  they  will  contin¬ 
ue  to  use  iSCSI  for  applications  for  which  they  may  have  used  a  SAN  or 
NAS  in  the  past. 

Existing  NAS  customers:  32%  of  respondents  believe  they  will  replace  NAS  with 
iSCSI  to  some  extent  over  the  next  three  years;  47%  believe  they  will  not  replace 
existing  NAS  infrastructure  but  will  deploy  iSCSI  SANs  as  new  buildouts. 


Existing  Fibre  Channel  customers: 
Over  the  next  three  years,  early  iSCSI 
adopters  that  have  deployed  networked 
storage  expect  that  Fibre  Channel  will  be 
replaced  with  iSCSI  to  some  extent  (38%); 

Type  of  networked 
storage  already  deployed 

42%  believe  that  iSCSI  SANs  will  be  new 
SAN  buildouts  and  will  not  replace  Fibre 
Channel  over  the  next  three  years. 

Fibre  Channel  SAN 
and  iSCSI  SAN 

Fibre  Channel 

SAN  and  NAS 
and  iSCSI  SAN 

Over 

the  next  three 
years,  to  what 

PYtpnt  mill 

We  will  replace  Fibre 
Channel  SAN(s)  with 
iSCSI  SAN(s)  to  a 
significant  extent. 

25% 

13% 

your  organi¬ 
zation  replace 
Fibre  Channel 
SAN(sJ  with 
iSCSI  SAN(s)? 

We  will  replace  Fibre 
Channel  SAN(s)  with 
iSCSI  SAN(s)  to 
some  extent. 

33% 

43% 

We  will  not  replace  Fibre 
Channel  SAN(s)  with 
iSCSI  SAN(s)  —  iSCSI 
SAN(s)  buildouts  will  be 
additive. 

42% 

45% 
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Fibre  Channel 

continued  from  page  50 

tual  servers  in  the  secondary  closet  along  with 
a  secondary  SAN  that’s  connected  at  fiber-optic 
speeds.That  let  us  do  longer  distances  between 
data  sites  without  degradation,”  he  says. 

In  addition,  although  iSCSI  on  Ethernet  runs 
on  standard  cards,  performance-boosting  and 
pricier  HBAs  still  are  often  necessary  to  take 
advantage  of  10G  Ethernet.  Thus,  the  real  cost 
savings  of  moving  from  Fibre  Channel  to  iSCSI 
may  be  less  dramatic  than  some  proponents 
say  Winslow  Technology’s  Winslow  estimates  in 
some  cases  the  savings  is  more  like  10%  to  15% 
than  the  higher  figures  some  pundits  cite. 

It  seems  certain  that  the  cost  of  Fibre  Channel 
components  will  fall  as  iSCSI  storage  gains 
ground,  further  narrowing  the  price  gap. 

Although  purists  may  not  be  pleased, a  hybrid 
Fibre-Channel-and-iSCSI  approach  is  finding 
acceptance  in  many  sites. 

Winslow,  who  sells  Compellent  products,  says 
several  of  his  customers  use  Fibre  Channel  for 
their  main  storage  repository  but  plug  in  addi¬ 
tional  iSCSI  cards  for  failover  storage  needs. 

Experts  agree:  iSCSI  it  will  be 

But  even  after  giving  Fibre  Channel  its  due,  the 


consensus  is  that  iSCSI  is  the  ultimate  winner. 

Analysts  and  users  cite  the  upfront  cost  of 
Fibre  Channel  components,  but  stress  that  spe¬ 
cialized  expertise  continues  to  be  a  problem. 
Winslow  agrees  that  companies  adding  to  an 
existing  storage  infrastructure  or  moving  from 
direct-attached  storage,  more  likely  will  opt  for 
iSCSI  over  Fibre  Channel.  Another  iSCSI  plus  is 
that  such  important  features  as  data  replication 
and  snapshots  have  been  a  la  carte  menu 
items  in  the  Fibre  Channel  realm  but  are  part 
and  parcel  of  iSCSI. 

EqualLogic’s  storage  solution  brought  Leo 
A.  Daly  advanced  features,  including  snap¬ 
shotting  and  bit-level  replication  between 
devices,  for  which  they  would  have  had  to 
pay  extra  in  the  Fibre  Channel  world,  Christ¬ 
iansen  says.  Snapshotting  lets  the  system  roll 
back  to  data  at  a  set  period  in  time  in  case  of 
a  failure. 

Clackamas  County’s  Fricke  also  stressed  this 
point:  “When  we  bought  Fibre  Channel,  we 
couldn’t  even  afford  snapshotting  or  replica¬ 
tion.”  Both  capabilities  are  now  deployed  at  no 
extra  cost. 

IT  experts  also  say  that  with  implementation 
know-how,  iSCSI  can  rival  current  Fibre  Chan¬ 
nel  speeds.  The  Gem  Group’s  Smith  opted  for 
HP  switches  that  will  support  10G  Ethernet  if 


the  company  needs  to  go  that  route,  but  he  also 
went  with  enterprise-class  connections  rather 
than  standard  network  interface  cards  to  opti¬ 
mize  performance. 

“We  do  multiple  connections, on  each  server. 
I  go  with  a  two-port  QLogic  card  with  two  1GB 
connections.  You  can  connect  that  into  the 
SAN  in  active/active  mode.  People  say  Fibre 
Channel  is  faster  at  two  or  four  gigs,  but  I 
already  have  two  gigs  with  iSCSI,”  Smith  says. 

Storage  analysts  see  the  writing  on  the  wall. 
“We  believe  that  iSCSI  will  be  the  dominant  SAN 
interconnect  over  time,”  the  Enterprise  Strategy 
Group’s  Asaro  says.  ‘Although  Fibre  Channel  is 
the  leading  storage-networking  interconnect,  it  is 
not  ubiquitous  because  ultimately  it  is  expensive 
and  complex.”  Companies  that  have  imple¬ 
mented  it  see  the  value  in  terms  of  perform¬ 
ance  and  reliability  “However,  Fibre  Channel 
has  not  reached  universal  adoption  and  there¬ 
fore  requires  either  complementary  or  replace¬ 
ment  technology  This  is  where  iSCSI  plays  a 
vital  role,”  he  says. 

Sloane  of  Info-Tech  agrees. “There  is  tremen¬ 
dous  growth  opportunity  For  iSCSI  there  is 
nowhere  to  go  but  up.” 

Darrow,  a  Boston-area  freelance  writer,  can  be 
reached  at  badarrow@comcast.net. 
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Human  factors  critical  to  data  center  management. 

By  John  Burke 

Secrets  of  running  a  data  center  well 


The  most  successful  data  center  I  ever  saw  was  anomalous  in 
several  ways  that  I  think  are  worth  considering.  First,  and  most 
shockingly,  it  was  much  too  large  for  the  equipment  it  needed  to 
contain.  It  was  not  brand-new  and  yet  to  be  filled,  either.  Instead, 
it  had  been  carefully  managed  so  that  as  servers  became  smaller 
and  more  powerful,  the  need  for  space  shrank.  Nothing  in  it 
was  new  for  the  sake  of  newness,  nothing  in  it  was  upgraded, 
expanded,  or  replaced  without  a  solid  business  case,  and  when 
things  were  replaced,  they  were  replaced  -  that  is,  the  old  system 
left  after  the  new  one  came  on  line.  Some  commodity  activity,  like 
Web  serving,  was  outsourced. 
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NEWS  ANALYSIS 


WiMAX  still  has  long  way  to  go 

But  Cisco  buyout  of  WiMAX  vendor  could  boost  the  wireless  technology 


BY  JOHN  COX 

Ciscos  deal  to  acquire  WiMAX-equipment 
vendor  Navini  shines  a  bright  light  on  this 
emerging  technology  For  corporate  network 
executives,  however,  the  light  is  largely  orna¬ 
mental  because  there  aren’t  any  WiMAX  net¬ 
works  in  the  United  States,  at  least  on  any 
scale,  so  the  slowly  growing  inventory  of 
WiMAX  client  cards  or  adapters,  or  customer- 
premises  equipment  generally  is  high-tech 
paperweight  —  at  least  for  now. 

In  a  recent  study  Solis  concluded  that  WiMAX 
services  will  be  widely  available  by  2009,  and 
projects  95  million  “fixed”  CPE  users  and  200 
million  mobile  device  users  equipped  with 
WiMAX  by  2012.  in  addition,  a  study  by 
Infonetics  Research, based  on  interviews  at  550 
companies,  predicts  that  mobile  WiMAX  will 
be  adopted  by  1 1%  of  them  by  201 1 . 

WiMAX  is  the  term  for  products  based  on 
the  first  IEEE  standard  for  wireless  broad¬ 
band  access:  802. 16d  for  fixed,  and  802. 16e 
for  mobile  WiMAX.  Most  analysts  ultimately 
expect  to  see  offering  in  both,  with  data  rates 
of  1M  to  4Mbps. 

“Enterprise  deployment  can  use  fixed 
WiMAX  to  provide  network  connectivity  and 
Internet  access,  and  backup  connections;  and 
small  business  will  use  fixed  WiMAX  as  an 
alternative  toT-ls,”says  Phil  Solis,  WiMAX  ana¬ 
lyst  with  AB1  Research. “Mobile  WiMAX  will  be 
used  by  enterprise  customers  and  consumers, 
with  consumers  having  a  wider  array  of 
devices  to  use  on  the  network,  such  as  mobile 
Internet  devices  and  consumer  electronics, 
such  as  portable  media  players,  game  devices 
[and]  cameras.” 

“The  combination  of  fixed  and  mobile  is  a 
major  difference  of  WiMAX  compared  to  cellu¬ 
lar;’ says  Monica  Paolini,  president  of  Sensz  Fili 
Consulting,  which  tracks  the  wireless  market. 
“Cellular  services  can  not  support  mass-market 
adoption  of  bundled  fixed  and  mobile  ser¬ 
vices,  but  WiMAX  can.” 

WiMAX  achieves  its  data  rates  from  a  combi¬ 
nation  of  advanced  technologies  that  will  also 
eventually  undergird  the  evolution  of  both 
GSM  and  Code  Division  Multiple  Access 
(CDMA)  cellular  networks.  Cellular  carriers, 
however,  are  pushing  significant  gains  in 
Evolution  Data  Optimized  (EV-DO)  Revision  A 
and  High-Speed  Downlink  Packet  Access 
(HSDPA),and  promise  still  higher  data  rates  in 
the  next  few  years. 

WMAX,  however,  also  offers  now,  besides 
multimegabit  data  rates,  an  all-IP  network. 
Among  other  things,  IP  makes  for  simpler  and 
less  expensive  network  infrastructures.“One  of 
the  key  components  of  whatever  the  [event¬ 
ual]  ‘4G’  standard  will  be  is  that  is  has  to  be  all 
IF?  says  Daryl  Schoolar,  IDC’s  research  manager 


for  wireless  and  mobile  infrastructure.'^  makes 
for  a  more  efficient  Internet  network,  com¬ 
pared  to  running  IP  over  a  voice  network.” 

The  first  mobile  WiMAX  services  —  from 
Sprint  Nextel  and  ClearWire  —  won’t  be  acti¬ 
vated  before  May  2008  on  the  licensed  2.5GHz 
band.  Sprint  has  said  its  network  now  dubbed 
XOHM,wiIl  be  available  to  100  million  users  by 
the  end  of  2008.“That’s  a  pretty  aggressive  time 
line,”  says  Jeff  Orr,  senior  analyst  at  Maravedis, 
which  covers  the  wireless  broadband  access 
market.  Orr  says  smaller  regional  WiMAX  pro¬ 
viders, such  as  Digital  Bridge  Communications, 
are  leasing  2.5GHz  spectrum  in  the  so-called 
Instructional  Television  Fixed  Service  band, 
originally  set  aside  for  colleges  and  universities 
to  offer  distance-learning  TV  broadcasts. 

According  to  analysts,  base  station  and  client 
equipment  currently  certified  by  the  WiMAX 
Forum  runs  only  on  the  3.5GHz  frequency 
which  in  the  United  States  is  reserved  for  mili¬ 
tary  use.  Some  fixed-WiMAX-compatible,  but 
not  yet  certified  equipment  is  available  on  the 
5.8GHz  band.  Orr  expects  these  products  to 
win  certification  in  the  future. 

Orr  says  the  quick  uptake  in  advanced  cellu¬ 
lar  data  services,  such  as  EV-DO  Revision  A  and 
HSDPA,  could  be  preparing  the  ground  for 
acceptance  of  mobile  WiMAX  services.“People 
have  a  chance  to  see  what  these  data  services 
are  like,  with  various  device  form-factors,  and 
getting  Internet  access  with  speeds  closer  to 
[wired]  DSL  all  the  time,  with  no  location 
restrictions,”  he  says.  Mobile  WiMAX,  however, 
should  match  or  exceed  the  wired  speeds  peo¬ 
ple  are  used  to  at  home,  he  says. 

These  services  probably  will  be  very  afford¬ 
able,  according  to  analysts  and  vendors. 
Network  providers  can  use  their  existing  cell  or 
wireless  broadband  sites,  for  example,  keeping 
property  and  construction  costs  down.  The 
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open-standards  approach  of  WiMAX  introduces 
strong  competitive  market  pressures  to  every 
component  in  the  WiMAX  network,  Orr  points 
out.  By  contrast,  CDMA  networks  have  a  cost 
structure  that’s  determined  in  part  by  the  royal¬ 
ties  set  by  the  company  that  controls  the  CDMA 
intellectual-property  portfolio,  Qualcomm. 

Executives  at  Nortel  say  their  studies  show 
that  WiMAX  networks  can  be  deployed  at  as  lit¬ 
tle  as  one-sixth  the  cost  of  today’s  3G  networks. 
“Base  stations  are  smaller,  more  compact  than 
for  2G  and  3G  nets,  and  because  it’s  based  on  a 
flat  IP  architecture,  WiMAX  means  there’s  less 
networking  infrastructure  needed,”  says  Danny 
Locklear,  Nortel’s  director  of  wireless  product 
marketing. 

With  Orthogonal  Frequency-Division  Multi¬ 
plexing  (OFDM),  and  the  use  of  wider  radio 
channels,  the  capacity  of  each  base  station  is 
greater.  “You  can  use  fewer  base  stations  to 
cover  the  same  area  [compared  to  2G  or  3G] , 
or  you  can  have  the  same  number  of  nodes 
with  greater  performance,”  Locklear  says.“Many 
more  subscribers  can  be  brought  into  the 
[WiMAX]  network.” 

Sprint  CTO  Barry  West  in  the  past  has  made  a 
similar  argument,  saying  that  WiMAX  is  one 
tenth  the  cost  per  bit  of  CDMA  “It’s  as  simple  as 
that,”  he  said  in  an  earlier  Network  World  inter- 
view.“It’s  physics.” 

WiMAX  could  spark  other  changes,  accord¬ 
ing  to  Maravedis’  Orr. Today  customers  register 
and  use  one  handset  on  a  wireless  network. 
With  IP-based  WiMAX,  he  says,  users  can  use 
multiple  devices  on  the  IP  network:  multime¬ 
dia  devices;  VoIP  phones;  and  even  devices 
that  today  you  have  to  hook  to  a  PC,  such  as 
digital  cameras  or  iPods. “Don’t  expect  Kodak 
to  introduce  a  device  that  has  to  be  certified 
by  Sprint  before  it  can  be  used  on  the  net¬ 
work,”  he  says.  ■ 
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Look  out!  It’s  FrankenSCO! 


BACKS  PIN 

Mark  Gibbs 


his  is  a  real  Halloween  story:  A  few  weeks 
ago  the  Santa  Cruz  Operation  looked  like 
a  zombie.The  company  filed  for  Chapter 
1 1  protection  on  Sept.  14,  one  month  after  a 
federal  district  court  judge  ruled  that  SCO  was¬ 
n’t  the  owner  of  the  Unix  operating-system 
copyrights  that  the  company  had  used  as  the 
basis  for  litigation  and  extortion. 

The  court  further  concluded  that  the  copyrights 
are  owned  by  good  old  Novell  (yes.it  is  still  around)  and  ruled  that  “SCO 
is  obligated  to  recognize  Novell’s  waiver  of  SCO’s  claims  against  IBM  and 
Sequent”  and,  even  better,  now  owes  Novell  $30  million  in  royalties. 

Dari  McBride,  SCO’s  CEO,  was  quoted  as  saying, “We  want  to  assure  our 
customers  and  partners  that  they  can  continue  to  rely  on  SCO  products, 
support  and  services  for  their  critical  business  operations.”  Hah! 

Now,  I  won’t  attempt  to  summarize  the  whole  history  of  what  has  been  a 
sordid  tale  of  manipulative  and  unethical  behavior  on  the  part  of  SCO, 
but  1  do  want  to  examine  the  various  companies  that  have  kept  SCO 
afloat  despite  the  blindingly  obvious. 

Back  in  the  middle  of  2003,  about  six  months  after  SCO  first 
announced  it  was  going  to  investigate  infringement  of  its  intellectual 
property  (that  is,  Unix),  it  launched  SCOsource.This  was  a  business 
division  created  to  manage  the  company’s  intellectual  property  along 
with  a  license  program  for  companies  using  Linux. 

In  essence,  the  license  —  priced  at  $699  per  server  processor,  $199 
per  desktop  system  and  $32  per  embedded  system  —  was  the  high- 
tech  version  of  an  organized-crime  protection  racket.  In  this  case  the 
protection  was  from  SCO  suing  in  the  future, should  the  courts  confirm 
its  claims  that  Linux  included  its  intellectual  property 
There’s  no  definitive  list  of  which  companies  ponied  up  the  license 


fees,  but  a  few  are  known:  EV1  Servers  (a  hosting  company  for  a 
reputed  $850,000),  CA  (as  part  of  a  $40  million  deal),Questar  (an 
energy  company  for  an  unknown  amount)  and  Leggett  &  Platt  (a 
manufacturing  company  also  for  an  unknown  amount). 

These  companies  displayed  a  complete  lack  of  spine  in  buying  “pro- 
tection.”We  can  only  conclude  their  management  and  lawyers  were 
total  wusses.What  we  do  know  is  that  their  license  fees  in  no  small 
part  prolonged  the  whole  farce.  Without  their  money  SCO’s  bankroll 
would  have  dwindled  considerably  faster.  After  all,  SCO’s  biggest 
expense  was  legal  services.  In  the  last  quarter,  the  company’s  legal  bill 
was  $9  million. 

Two  other  notable  organizations  purchased  SCOSource  licenses: 
Microsoft  and  Sun  —  but  not  because  either  was  in  any  way  worried 
about  prosecution.You  would  have  to  be  pretty  naive  not  to  conclude 
that  the  two  companies  saw  contributing  to  SCO’s  coffers  was  simply  a 
way  to  dampen  the  market’s  enthusiasm  for  Linux.  Of  course,  since 
then  Sun  has  —  to  understate  the  case  —  changed  its  tune  regarding 
Linux.  Also  keeping  SCO  in  the  game  was  BayStar  Capital  and  the 
Royal  Bank  of  Canada,  which  together  invested  $50  million  in  2003. 

So,  who  are  the  investors  saving  SCO  from  bankruptcy  now?  JGD 
Management  has  offered  $36  million  (see  www.nwdocfinder.com/ 
2251). This  is  like  someone  agreeing  to  become  captain  of  the 
Titanic  after  it  has  hit  the  iceberg. 

While  I  understand  the  reasons  that  SCOSource  licensees  coughed 
up,  1  am  at  a  loss  as  to  why  investment  companies  injected  so  much 
cash  into  what  was  obviously  IP-trolling  at  its  ugliest,  and  why  new 
investors  would  want  to  buy  a  hollow,  rotting  shell.  SCO  has  turned 
from  a  zombie  into  Frankenstein.  Will  the  horror  never  end? 

1/  can  get  scary  in  Ventura,  Calif.  Trick  or  treat  at  backspin@gibbs.com. 


Unlimited  gall  to 

New  York  state  has  given  Verizon  Wireless  a 
million  new  reasons  to  understand  that 
even  when  used  in  advertising,  the  word 
“unlimited” should  mean  what  it  means  else¬ 
where  in  polite  society 
New  York  Attorney  General  Andrew  Cuomo 
announced  last  week  that  his  office  had  beat¬ 
en  a  $1  million  “agreement”  out  of  Verizon 
Wireless  that  will  see  the  carrier  compensate 
13,000  customers  it  had  summarily  disconnect¬ 
ed  from  their  “unlimited”  plans  because  they  had  taken  the  word  to 
mean  what  it  means. 

Cuomo’s  office  found  “that  Verizon  Wireless  prominently  marketed 
these  plans  as ‘Unlimited ’without  disclosing  that  common  usages,  such 
as  downloading  movies  or  playing  games  online,  were  prohibited. The 
company  also  cut  off  heavy  Internet  users  for  exceeding  an  undis¬ 
closed  cap  of  usage  per  month.” 

A  million  bucks  is  essentially  petty  cash  for  a  company  this  size 
—  the  public-relations  beating  will  likely  prove  more  costly  —  but 
the  episode  should  nonetheless  act  as  a  deterrent  for  other  carri¬ 
ers  tempted  to  sprinkle  their  advertising  with  manure.  At  least 
that’s  the  theory. 

As  for  Verizon’s  take  on  the  matter?  Well,  it  was  priceless:  “We  are 
pleased  to  have  cooperated  with  the  New  York  Attorney  General 
and  to  have  voluntarily  reached  this  agreement,”  a  company 
spokesman  told  Associated  Press. “When  this  was  brought  to  our 
attention,  we  understood  that  advertising  for  our  NationalAccess 
and  BroadbandAccess  services  could  provide  more  clarity” 

See,  it  was  all  a  big  misunderstanding. 

Here  at  Buzzblog  we  like  to  believe  that  we  go  out  of  our  way  to 
accept  business-speak  for  what  it  is  and  not  immediately  presume 


cost  Verizon  $  1  million 

the  worst  about  corporate  intentions. 

Such  latitude,  however,  is  not  unlimited. 

$2  a  month?  -  Too  much! 

No  one  ever  wants  to  pay  anything  for  something  they’ve  been  get¬ 
ting  all  along  for  free  (hence,  the  hokeyold  admonition  about  cows, 
milk  and  sex  before  marriage.) 

So,  it  should  come  as  no  surprise  that  72%  of  respondents  in  a  new 
survey  by  Parks  Associates  contend  they  would  abandon  their 
favorite  social-networking  site  altogether  before  paying  a  measly  two 
bucks  a  month. The  surprise  is  that  almost  28%  claim  they  would  be 
willing  to  pony  up. 

But  what  people  profess  in  polls  and  what  they  do  in  the  privacy  of 
their  own  Web  browsers  are  not  necessarily  one  and  the  same. 

As  predictable  as  that  72%  may  be,  it  says  here  that  a  bunch  of  those 
folks  are  not  being  truthful  with  themselves,  the  firm  doing  the  poll  or 
both,  because  if  MySpace  started  charging  $2  a  month  tomorrow,  there 
is  no  way  in  this  or  Second  Life  that  three  out  of  four  MySpacers  would 
just  drop  their  precious  pages  and  their  friends  like  fifth-period  French. 
There  would  be  caterwauling  and  a  meaningful  number  of  defections, 
but  I’m  thinking  it’s  more  likely  that  three  out  four  would  pay  to  stay 
than  that  three  out  of  four  would  walk. 

Two  bucks  a  month?  Heck,  even  to  teenagers  that’s  chump 
change  these  days. 

Of  course,  the  difficulty  both  with  such  surveys  and  disputing  their 
conclusions  is  that  there  is  really  no  way  to  settle  the  argument  short  of 
one  of  these  sites  actually  asking  for  $2  a  month. 

Go  ahead,  MySpace,  call  their  bluff  (it’s  not  my  money). 

I’m  considering  collecting  a  $2  fee  before  I'll  open  e-mail  from  readers. 
The  address  is  buzz@nww.com. 
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“This  is  by  far  the  best 
defrag  product. . .  After 
installing  Diskeeper  2008 
I  don’t  have  to  worry  about 
disk  fragmentation  ever 
again.  It  does  everything 
for  me  invisibly  in  the 
background.  ” 

Jozo  Capkun,  President 

Komoko  Services  Limited 


It’s  Smart. 

It’s  Transparent. 

It  Will  Take  Your  System  From  Zero  to  Sixty — Automatically! 


Automatically  and  invisibly  solve  disk  performance  issues — forever 

File  fragmentation — the  splitting  of  files  in  tens,  hundreds  or  thousands  of  pieces — puts  the  brakes 
on  system  performance.  It  slows  access  to  a  crawl.  It  causes  delayed  application  launches  and  slow 
boot  ups.  It  can  even  cause  system  crashes. 

Introducing  the  first  and  only  completely  automatic  defragmentation  solution.  New  Diskeeper®  2008  with 
InvisiTasking'”  defragments  in  real-time,  invisibly  in  the  background.  Intelligently  monitors  and  utilizes 
only  idle  system  resources,  while  users  continue  to  work.  And  with  fragmentation  completely  eliminated, 
your  performance  flies.  Systems  are  maintained  at  peak  performance  and  reliability — automatically! 


►  True  transparent,  background  defragmentation,  unnoticeable  to  applications 
and  users — except,  of  course,  for  the  newfound  performance  and  reliability. 

►  No  scheduling  required.  Ever.  Ever.  Ever. 

►  Adaptive  technology  boosts  access  to  your  most  commonly-requested  files, 
beyond  defragmentation  alone. 

►  Work  smarter  not  harder.  Each  volume  is  different.  Dynamic  intelligence  determines 
and  delivers  maximum  minute-to-minute  benefits  with  minimal  effort. 

►  Advanced  defragmentation  uniquely  designed  for  high-capacity,  high  traffic  disks. 

►  No  room  to  move?  Extreme  fragmentation?  No  problem.  New,  complete 
defragmentation  in  all  conditions — even  with  less  than  1  %  free  space. 

►  Critical  system  file  fragmentation  now  automatically  prevented. 

►  Allows  you  to  leverage  VSS  data  protection  and  the  performance  and  reliability 
of  defragmentation. 


FREE  OFFER 


with  InvisiTasking- 

Diskeeper  2008 

Maximizing  Performance  and  Reliability— Automatically  - 

Try  New  Diskeeper  2008 
Free  for  45  Days! 

Download  at  www.diskeeper.com/nw2008 

Note:  Special  45-day  trialware  is  only  available  at  the  above  link 

Volume  licensing,  government  and  educational  discounts 
are  available  from  your  favorite  reseller.  For  a  free  quote  visit 
www.diskeeper.com/quote11  or  call  800-829-6468.  Code  4006 
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Solaris™  is  open  source  and  free. 
It  runs  on  IBM,  HP  (and  Sun,  too.) 


With  Solaris;  you  can  do  a  lot  more.  Add  reliability  and  data  integrity  to 
your  databases.  Confidently  deploy  a  secure,  scalable  Web  infrastructure. 
Plus,  you  can  run  Solaris  on  over  880  x86  Platforms  and  still  benefit  from 
Sun's  24/7  world-class  support. 

Learn  more,  download  or  get  your  free  DVD  today  at  sun.com/getsolaris. 

And  join  the  Solaris  open  source  project  at  opensolaris.org. 
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Call  your  local  Sun  Sales  Representative,  Sun  Authorized  Partner  or  (888)516-9362. 
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